Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2019-2016

    In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Pro... Read more

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-16118

    A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.... Read more

    Affected Products : sfos xg_firewall
    • EPSS Score: %0.43
    • Published: Jun. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2019-1848

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports neces... Read more

    • EPSS Score: %0.37
    • Published: Jun. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-8411

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentia... Read more

    Affected Products : dcs-1130_firmware dcs-1130
    • EPSS Score: %9.04
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2106

    In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: ... Read more

    Affected Products : android
    • EPSS Score: %0.37
    • Published: Jul. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-12574

    A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability ... Read more

    • EPSS Score: %0.42
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-13637

    In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability... Read more

    Affected Products : join.me
    • EPSS Score: %1.33
    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-13382

    UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\Inva... Read more

    Affected Products : windows snagit
    • EPSS Score: %0.53
    • Published: Jul. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-1927

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected sof... Read more

    • EPSS Score: %0.30
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-14986

    eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password")... Read more

    • EPSS Score: %2.06
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2108

    In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitat... Read more

    Affected Products : android
    • EPSS Score: %0.18
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2184

    In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitat... Read more

    Affected Products : android
    • EPSS Score: %0.37
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2019-17535

    Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.... Read more

    Affected Products : gila_cms
    • EPSS Score: %0.34
    • Published: Oct. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2019-15065

    A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).... Read more

    Affected Products : gpon_firmware gpon
    • EPSS Score: %0.39
    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2206

    In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed for exploitation.P... Read more

    Affected Products : android
    • EPSS Score: %1.24
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-3366

    Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.... Read more

    Affected Products : tew-812dru_firmware tew-812dru
    • EPSS Score: %0.24
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-15344

    The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). ... Read more

    Affected Products : camon_iclick_firmware camon_iclick
    • EPSS Score: %0.38
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-15388

    The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13)... Read more

    Affected Products : mega_5_firmware mega_5
    • EPSS Score: %0.38
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-15595

    A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.... Read more

    • EPSS Score: %0.66
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2012-2248

    An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.... Read more

    Affected Products : debian_linux dhclient
    • EPSS Score: %2.44
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291618 Results