Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2018-20955

    Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.

    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12618

    HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.

    Affected Products : nomad
    • Published: Aug. 12, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12103

    The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.

    Affected Products : m7350_firmware m7350
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11030

    Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a g...

    Affected Products : mirasys_vms
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11031

    Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.

    Affected Products : mirasys_vms
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15497

    Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.

    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-10891

    An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell comma...

    Affected Products : dir-806_firmware dir-806
    • Published: Sep. 06, 2019
    • Modified: Jan. 09, 2025
  • 10.0

    HIGH
    CVE-2019-13473

    TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service withi...

    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-16650

    On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, a...

    • Published: Sep. 21, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2130

    In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interactio...

    Affected Products : android
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-17124

    Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

    Affected Products : viaware
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-9535

    A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vul...

    Affected Products : iterm2
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11526

    An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script that is executable via sudo is vulnerable to file path injection. This enables the attacker to write files with superuser privileges in specific locations.

    Affected Products : uagate_si_firmware uagate_si
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-9533

    The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.

    Affected Products : explorer_710_firmware explorer_710
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12941

    AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allow an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived ...

    • Published: Oct. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13653

    TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5).

    Affected Products : m7350_firmware m7350
    • Published: Oct. 24, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13553

    Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary ...

    Affected Products : pcoweb_firmware chiller_sk_3232
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-5127

    A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in...

    Affected Products : youphptube_encoder
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14450

    A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can u...

    Affected Products : repetier-server
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-4031

    An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and in...

    Affected Products : smart_firewall
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293708 Results