Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-15067

    An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the log... Read more

    • EPSS Score: %0.39
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-3444

    Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install.... Read more

    Affected Products : retail_integration_bus
    • EPSS Score: %3.38
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7303

    Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.... Read more

    Affected Products : management_console
    • EPSS Score: %9.49
    • Published: Sep. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2019-15609

    The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.... Read more

    Affected Products : kill-port-process
    • EPSS Score: %7.24
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-7716

    libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.... Read more

    Affected Products : android
    • EPSS Score: %1.47
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-25094

    LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default... Read more

    Affected Products : platform_manager
    • EPSS Score: %12.43
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-3655

    The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.... Read more

    Affected Products : pan-os
    • EPSS Score: %1.31
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-4189

    HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet i... Read more

    Affected Products : operations_manager
    • EPSS Score: %83.49
    • Published: Dec. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-7856

    OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.... Read more

    Affected Products : opennms
    • EPSS Score: %1.78
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-25187

    Medtronic MyCareLink Smart 25000 is  vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart Patient Reader software stack. The heap overflow could allo... Read more

    • EPSS Score: %0.90
    • Published: Dec. 14, 2020
    • Modified: May. 22, 2025

  • 10.0

    HIGH
    CVE-2004-2513

    Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.... Read more

    Affected Products : pegasus
    • EPSS Score: %32.41
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2009-4240

    Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.... Read more

    Affected Products : infosphere_information_server
    • EPSS Score: %1.37
    • Published: Dec. 09, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-7906

    LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors.... Read more

    • EPSS Score: %0.38
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-25537

    File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.... Read more

    Affected Products : ucms
    • EPSS Score: %0.40
    • Published: Nov. 30, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-17508

    On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.... Read more

    • EPSS Score: %20.96
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-17600

    Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.... Read more

    Affected Products : iwr_1000n_firmware iwr_1000n
    • EPSS Score: %0.20
    • Published: Oct. 15, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-4476

    Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.15 through 8.11. NOTE: some of t... Read more

    Affected Products : virobot_desktop
    • EPSS Score: %5.78
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-27600

    HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter.... Read more

    Affected Products : dir-846_firmware dir-846
    • EPSS Score: %76.36
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-28187

    Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /incl... Read more

    Affected Products : tos tos
    • EPSS Score: %64.16
    • Published: Dec. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-20451

    The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials ca... Read more

    • EPSS Score: %12.49
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291360 Results