Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2019-2255

    An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrag...

    • Published: Jun. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12549

    WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12550

    WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-18472

    Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address...

    Affected Products : my_book_live_firmware my_book_live
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12920

    On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET lo...

    • Published: Jun. 20, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-16618

    VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are c...

    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-8408

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials ...

    Affected Products : dcs-1130_firmware dcs-1130
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-7261

    Linear eMerge E3-Series devices have Hard-coded Credentials.

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-8404

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentia...

    Affected Products : dcs-1130_firmware dcs-1130
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-7274

    Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.

    Affected Products : enterprise proton
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13294

    AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.

    Affected Products : school-erp
    • Published: Jul. 04, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12803

    In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote...

    Affected Products : i-onenet
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13561

    D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.

    Affected Products : dir-655_firmware dir-655
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13598

    LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.

    Affected Products : vera_edge_firmware vera_edge
    • Published: Jul. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-1010296

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

    Affected Products : op-tee
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-1010297

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.

    Affected Products : op-tee
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-6824

    A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.

    Affected Products : proclima
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-1917

    A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An att...

    Affected Products : vision_dynamic_signage_director
    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2307

    Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon M...

    • Published: Jul. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14363

    A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.

    Affected Products : wndr3400v3_firmware wndr3400v3
    • Published: Jul. 28, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results