Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-20122

    The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code executi... Read more

    Affected Products : fastgate_firmware fastgate
    • EPSS Score: %5.91
    • Published: Feb. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13887

    Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650... Read more

    • EPSS Score: %0.31
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-3316

    Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".... Read more

    Affected Products : wnr1000_firmware wnr1000
    • EPSS Score: %0.23
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-13649

    TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5).... Read more

    Affected Products : m7350_firmware m7350
    • EPSS Score: %4.01
    • Published: Oct. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-2204

    In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed ... Read more

    Affected Products : android
    • EPSS Score: %1.25
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-2271

    Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdrago... Read more

    • EPSS Score: %0.37
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-3842

    Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 and the Color LaserJet CP3525 Printer with firmware 53.021.2 allows remote attackers to obtain "access to data" or cause a denial of service via unknown ... Read more

    • EPSS Score: %1.13
    • Published: Nov. 20, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2019-14699

    An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be ... Read more

    • EPSS Score: %8.49
    • Published: Aug. 06, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-15067

    An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the log... Read more

    • EPSS Score: %0.39
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-3444

    Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install.... Read more

    Affected Products : retail_integration_bus
    • EPSS Score: %3.38
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7303

    Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.... Read more

    Affected Products : management_console
    • EPSS Score: %9.49
    • Published: Sep. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2019-15609

    The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.... Read more

    Affected Products : kill-port-process
    • EPSS Score: %7.24
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-7716

    libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.... Read more

    Affected Products : android
    • EPSS Score: %1.47
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-25094

    LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default... Read more

    Affected Products : platform_manager
    • EPSS Score: %12.43
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-3655

    The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.... Read more

    Affected Products : pan-os
    • EPSS Score: %1.31
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-4189

    HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet i... Read more

    Affected Products : operations_manager
    • EPSS Score: %83.49
    • Published: Dec. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-7856

    OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.... Read more

    Affected Products : opennms
    • EPSS Score: %1.78
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-25187

    Medtronic MyCareLink Smart 25000 is  vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart Patient Reader software stack. The heap overflow could allo... Read more

    • EPSS Score: %0.90
    • Published: Dec. 14, 2020
    • Modified: May. 22, 2025

  • 10.0

    HIGH
    CVE-2004-2513

    Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.... Read more

    Affected Products : pegasus
    • EPSS Score: %32.41
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2009-4240

    Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.... Read more

    Affected Products : infosphere_information_server
    • EPSS Score: %1.37
    • Published: Dec. 09, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 291058 Results