Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-8001

    The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account....

    Affected Products : aptus
    • EPSS Score: %0.39
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-18140

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650...

    • EPSS Score: %0.26
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9021

    Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer paramete...

    • EPSS Score: %0.32
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9027

    ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected....

    • EPSS Score: %3.19
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0342

    There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-160812576...

    Affected Products : android
    • EPSS Score: %0.17
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0380

    In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: A...

    Affected Products : android
    • EPSS Score: %5.02
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-18146

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD ...

    • EPSS Score: %0.10
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13447

    An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection....

    Affected Products : xpare
    • EPSS Score: %0.24
    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15623

    This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When ...

    Affected Products : webpanel
    • EPSS Score: %3.18
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-42077

    PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely comp...

    Affected Products : php_event_calendar
    • EPSS Score: %0.75
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-42311

    Microsoft Defender for IoT Remote Code Execution Vulnerability...

    Affected Products : defender_for_iot
    • EPSS Score: %2.70
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-0316

    In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for e...

    Affected Products : android
    • EPSS Score: %5.05
    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-15124

    Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear text passwords and get root access on the device....

    Affected Products : zipabox_firmware zipabox
    • EPSS Score: %0.37
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-2412

    Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors....

    • EPSS Score: %23.73
    • Published: Sep. 21, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2021-44632

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request....

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: %0.90
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-15350

    Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router....

    • EPSS Score: %0.71
    • Published: Aug. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-15381

    A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-suppli...

    Affected Products : unity_express
    • EPSS Score: %58.75
    • Published: Nov. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45618

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800...

    • EPSS Score: %1.53
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-20698

    Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 an...

    • EPSS Score: %0.47
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-20711

    Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors....

    • EPSS Score: %0.65
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291219 Results