Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    HIGH
    CVE-2019-10577

    Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon... Read more

    • EPSS Score: %0.26
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-25524

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.4

    HIGH
    CVE-2020-11191

    Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sn... Read more

    • EPSS Score: %0.24
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2018-14994

    The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.android.hiddenmenu (versionName=1.0, platformBuildVersionNam... Read more

    Affected Products : phone_firmware phone
    • EPSS Score: %0.29
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2022-30713

    Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.... Read more

    Affected Products : android dex
    • EPSS Score: %0.09
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-26833

    An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series ... Read more

    • EPSS Score: %88.09
    • Published: May. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2014-2626

    Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.... Read more

    Affected Products : network_virtualization
    • EPSS Score: %47.01
    • Published: Jul. 26, 2014
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2024-5958

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection.This issue affects Panel: before v2.3.24.... Read more

    Affected Products : panel
    • Published: Sep. 18, 2024
    • Modified: Sep. 26, 2024

  • 9.4

    HIGH
    CVE-2019-14020

    Multiple Read overflows issue due to improper length check while decoding dedicated_eps_bearer_req/ act_def_context_req/ cs_serv_notification/ emm_info/ guti_realloc_cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industria... Read more

    • EPSS Score: %0.24
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2018-3881

    An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data ... Read more

    Affected Products : focalscope
    • EPSS Score: %1.98
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2021-41591

    ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.... Read more

    Affected Products : eclair
    • EPSS Score: %0.77
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2008-1249

    snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Cal... Read more

    Affected Products : 320_sip_phone
    • EPSS Score: %0.62
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2019-14019

    Multiple Read overflows issue due to improper length check while decoding RAU accept/PDN disconnect Rej/Modify EPS ctxt req/bearer resource alloc Rej/Deact EPs bearer REq in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industri... Read more

    • EPSS Score: %0.24
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2019-6716

    An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (ba... Read more

    Affected Products : nervepoint_access_manager
    • EPSS Score: %3.57
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2020-11251

    Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdra... Read more

    • EPSS Score: %0.24
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-43761

    Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.  ... Read more

    Affected Products : industrial_automation_aprol
    • EPSS Score: %0.07
    • Published: Feb. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2022-30711

    Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.... Read more

    Affected Products : android dex
    • EPSS Score: %0.06
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-1899

    Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller.... Read more

    • EPSS Score: %0.08
    • Published: Jun. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2021-22272

    The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker... Read more

    Affected Products : mybuildings mybusch-jaeger
    • EPSS Score: %0.19
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-35783

    A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022 SP1 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2... Read more

    • Published: Sep. 10, 2024
    • Modified: Jan. 14, 2025
Showing 20 of 291562 Results