Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-2242

    Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %7.81
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-10780

    BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.... Read more

    Affected Products : bibtex-ruby
    • EPSS Score: %2.84
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-11062

    The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.... Read more

    Affected Products : wmpro
    • EPSS Score: %5.57
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-4588

    Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command.... Read more

    Affected Products : eserv
    • EPSS Score: %9.26
    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-6552

    Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors.... Read more

    Affected Products : phpvms
    • EPSS Score: %0.32
    • Published: May. 10, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-12042

    Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system servic... Read more

    • EPSS Score: %0.71
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9542

    D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the ... Read more

    • EPSS Score: %2.16
    • Published: Jun. 11, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2004-1903

    Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag.... Read more

    Affected Products : contact_3d
    • EPSS Score: %5.02
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-15123

    Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home.... Read more

    Affected Products : zipabox_firmware zipabox
    • EPSS Score: %0.32
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-4630

    Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors.... Read more

    Affected Products : midgard_components_framework
    • EPSS Score: %0.38
    • Published: Oct. 21, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1830

    Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.... Read more

    Affected Products : soulseek
    • EPSS Score: %33.92
    • Published: May. 29, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2018-0268

    A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure defaul... Read more

    • EPSS Score: %10.10
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-2417

    media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memor... Read more

    Affected Products : android
    • EPSS Score: %13.16
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-16957

    The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary abl... Read more

    Affected Products : webcenter_interaction
    • EPSS Score: %8.19
    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-17068

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the se... Read more

    Affected Products : dir-816_a2_firmware dir-816_a2
    • EPSS Score: %14.54
    • Published: Sep. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-0559

    Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce ... Read more

    Affected Products : webshield_smtp
    • EPSS Score: %19.53
    • Published: Apr. 04, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-10996

    The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.... Read more

    Affected Products : dir-629-b_firmware dir-629-b
    • EPSS Score: %1.42
    • Published: May. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2004-2156

    Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors.... Read more

    Affected Products : online_recruitment_agency
    • EPSS Score: %0.64
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2018-18748

    Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended f... Read more

    Affected Products : sandboxie sandboxie
    • EPSS Score: %0.80
    • Published: Oct. 29, 2018
    • Modified: Aug. 04, 2025

  • 10.0

    HIGH
    CVE-2010-3510

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Ma... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %4.29
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291513 Results