Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2006-5238

    Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors....

    Affected Products : blue_smiley_organizer
    • EPSS Score: 0.38%
    • Published: Oct. 12, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2022-27250

    The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data....

    Affected Products : unisoc_chipset
    • EPSS Score: 0.34%
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-48419

    An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege ...

    • EPSS Score: 0.02%
    • Published: Jan. 02, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-2427

    Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation....

    Affected Products : xarrow
    • EPSS Score: 3.23%
    • Published: May. 25, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2018-7665

    An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php....

    Affected Products : clipbucket
    • EPSS Score: 71.88%
    • Published: Mar. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-2568

    d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors....

    Affected Products : blackarmor_nas
    • EPSS Score: 1.10%
    • Published: May. 25, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-11138

    Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...

    Affected Products : apq8009 apq8009w apq8017 apq8030 apq8037 apq8052 apq8053 apq8056 apq8062 apq8064 +481 more products
    • EPSS Score: 0.33%
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11143

    Out of bound memory access during music playback with modified content due to copying data without checking destination buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdr...

    Affected Products : apq8009 apq8017 apq8030 apq8037 apq8052 apq8053 apq8056 apq8060a apq8062 apq8064 +484 more products
    • EPSS Score: 0.33%
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-2197

    By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations....

    Affected Products : rme1_firmware rme1
    • EPSS Score: 0.20%
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-5374

    Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01....

    Affected Products : pharmaceutical
    • EPSS Score: 2.75%
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2022-27569

    Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker....

    Affected Products : android dex
    • EPSS Score: 1.17%
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8868

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The ...

    Affected Products : foglight_evolve
    • EPSS Score: 25.68%
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11811

    In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file....

    Affected Products : qdpm
    • EPSS Score: 0.94%
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11691

    Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue...

    Affected Products : ve6046_firmware ve6046
    • EPSS Score: 0.48%
    • Published: May. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-6769

    Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confident...

    • EPSS Score: 1.08%
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-20020

    A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root....

    Affected Products : global_management_system
    • EPSS Score: 2.38%
    • Published: Apr. 10, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-0444

    HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors....

    Affected Products : solaris operations_agent
    • EPSS Score: 6.43%
    • Published: Feb. 09, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2020-10271

    MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ...

    • EPSS Score: 0.44%
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11552

    An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to es...

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: 5.32%
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-26887

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system ...

    Affected Products : diaenergie
    • EPSS Score: 0.40%
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291275 Results