Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-20623

    Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.... Read more

    Affected Products : video_insight_vms
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-20658

    SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-8440

    Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to ... Read more

    • Published: Nov. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8438

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler befor... Read more

    • Published: Nov. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-6549

    Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.... Read more

    Affected Products : jdk jre
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2021-20509

    IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.... Read more

    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2321

    web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.... Read more

    Affected Products : f460 f660
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-7552

    On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.... Read more

    Affected Products : threat_discovery_appliance
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-1303

    Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.... Read more

    Affected Products : safari
    • Published: Mar. 26, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1300

    Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.... Read more

    Affected Products : mac_os_x safari
    • Published: Mar. 26, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-0648

    The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID... Read more

    Affected Products : secure_access_control_system
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-0554

    Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR... Read more

    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-7489

    Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.... Read more

    Affected Products : virtual_machine
    • Published: Nov. 10, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2016-7457

    VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.... Read more

    Affected Products : vrealize_operations
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-6617

    The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.... Read more

    Affected Products : salt
    • Published: Nov. 05, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-6213

    Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.... Read more

    Affected Products : loadrunner
    • Published: Apr. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-5809

    Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors re... Read more

    Affected Products : jdk jre jre jdk
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-5788

    Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.... Read more

    Affected Products : jdk jre
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-5754

    The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator passwor... Read more

    • Published: Sep. 17, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-5613

    Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a de... Read more

    • Published: Dec. 11, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293331 Results