Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-3217

    CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker... Read more

    • EPSS Score: %0.50
    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-42662

    JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE b... Read more

    Affected Products : artifactory
    • Published: Mar. 07, 2024
    • Modified: Mar. 11, 2025

  • 9.3

    CRITICAL
    CVE-2021-21276

    Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of user... Read more

    Affected Products : polr
    • EPSS Score: %18.53
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-26913

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.... Read more

    Affected Products : netmotion_mobility
    • EPSS Score: %35.43
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-26914

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.... Read more

    Affected Products : netmotion_mobility
    • EPSS Score: %64.44
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-46823

    A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V... Read more

    Affected Products : saml
    • EPSS Score: %0.46
    • Published: Jan. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-2856

    An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully... Read more

    Affected Products : c1_firmware c1
    • EPSS Score: %0.42
    • Published: Sep. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-2857

    An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully... Read more

    Affected Products : c1_firmware c1
    • EPSS Score: %0.42
    • Published: Sep. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-17208

    Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the... Read more

    Affected Products : velop_firmware velop
    • EPSS Score: %16.69
    • Published: Sep. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-13140

    Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.... Read more

    Affected Products : linux_kernel windows antidote_9 antidote
    • EPSS Score: %5.06
    • Published: Sep. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-10602

    WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.... Read more

    Affected Products : levistudiou
    • EPSS Score: %0.43
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-10606

    WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files.... Read more

    Affected Products : levistudiou
    • EPSS Score: %0.43
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9075

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrar... Read more

    • EPSS Score: %26.45
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9077

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary co... Read more

    • EPSS Score: %1.87
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2021-42833

    A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings.... Read more

    Affected Products : aquaview
    • EPSS Score: %0.04
    • Published: Feb. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9491

    In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for... Read more

    Affected Products : android
    • EPSS Score: %0.34
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9497

    In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed ... Read more

    Affected Products : android
    • EPSS Score: %0.42
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9498

    In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android... Read more

    Affected Products : android
    • EPSS Score: %0.42
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-0423

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial o... Read more

    • EPSS Score: %3.87
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-0796

    A elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291615 Results