Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-0301

    A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input valid... Read more

    • EPSS Score: %2.68
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0258

    A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affec... Read more

    • EPSS Score: %30.70
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0253

    A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted us... Read more

    Affected Products : secure_access_control_system
    • EPSS Score: %4.51
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0304

    A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code ... Read more

    • EPSS Score: %2.40
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0147

    A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure... Read more

    Affected Products : secure_access_control_system
    • Actively Exploited
    • EPSS Score: %19.92
    • Published: Mar. 08, 2018
    • Modified: Jan. 27, 2025

  • 10.0

    HIGH
    CVE-2018-0171

    A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitra... Read more

    Affected Products : ios
    • Actively Exploited
    • EPSS Score: %93.21
    • Published: Mar. 28, 2018
    • Modified: Jan. 27, 2025

  • 10.0

    CRITICAL
    CVE-2018-0101

    A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerabi... Read more

    • EPSS Score: %90.80
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0150

    A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credenti... Read more

    • EPSS Score: %7.58
    • Published: Mar. 28, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0151

    A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The ... Read more

    Affected Products : ios_xe ios
    • Actively Exploited
    • EPSS Score: %9.81
    • Published: Mar. 28, 2018
    • Modified: Jan. 27, 2025

  • 10.0

    HIGH
    CVE-2018-0035

    QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Op... Read more

    Affected Products : junos qfx10002 qfx5200
    • EPSS Score: %0.12
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9944

    A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations ... Read more

    • EPSS Score: %2.60
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2024-44146

    A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: Sep. 17, 2024
    • Modified: Mar. 25, 2025

  • 10.0

    HIGH
    CVE-2017-9828

    '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is alread... Read more

    • EPSS Score: %57.86
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9769

    A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.... Read more

    Affected Products : synapse
    • EPSS Score: %77.70
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9807

    An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated rem... Read more

    Affected Products : openwebif
    • EPSS Score: %14.04
    • Published: Jun. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9638

    Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.... Read more

    Affected Products : e-designer
    • EPSS Score: %0.62
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9634

    Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and s... Read more

    Affected Products : e-designer
    • EPSS Score: %0.62
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9636

    Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.... Read more

    Affected Products : e-designer
    • EPSS Score: %0.62
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9232

    Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.... Read more

    Affected Products : juju
    • EPSS Score: %76.53
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9034

    Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.... Read more

    Affected Products : serverprotect
    • EPSS Score: %7.39
    • Published: May. 26, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292749 Results