Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2007-2564

    Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function.

    Affected Products : digital_music_mentor
    • EPSS Score: %6.01
    • Published: May. 09, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-2481

    PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] paramete...

    Affected Products : phpraider
    • EPSS Score: %3.84
    • Published: May. 28, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-3684

    Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute arbitrary code via crafted packet data to TCP port 2606.

    Affected Products : documentum_applicationxtender
    • EPSS Score: %3.16
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2010-2362

    Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.

    Affected Products : winny
    • EPSS Score: %0.35
    • Published: Aug. 25, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-26338

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system com...

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-5409

    AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary...

    Affected Products : sipass_integrated
    • EPSS Score: %35.38
    • Published: Nov. 01, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2007-3111

    Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.

    • EPSS Score: %51.69
    • Published: Jun. 07, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2015-3867

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.

    Affected Products : android
    • EPSS Score: %1.47
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2019-10531

    Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD...

    • EPSS Score: %0.27
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-36412

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this ...

    Affected Products : suitecrm
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-6852

    CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required.

    Affected Products : tv-288zd-2mp_firmware tv-288zd-2mp
    • EPSS Score: %0.74
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-35219

    The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= ...

    Affected Products : dsl-n17u_firmware dsl-n17u
    • EPSS Score: %0.36
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-6350

    listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb.

    Affected Products : listpics
    • EPSS Score: %1.13
    • Published: Dec. 07, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2017-17932

    A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port ...

    Affected Products : allmediaserver
    • EPSS Score: %77.39
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2010-1185

    Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained ...

    Affected Products : maxdb
    • EPSS Score: %36.60
    • Published: Mar. 29, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-16209

    A malicious attacker could exploit the interface of the Fieldcomm Group HART-IP (release 1.0.0.0) by constructing messages with sufficiently large payloads to overflow the internal buffer and crash the device, or obtain control of the device.

    • EPSS Score: %0.28
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-5973

    CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.

    Affected Products : xcom_data_transport
    • EPSS Score: %1.88
    • Published: Dec. 10, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2018-13307

    System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.

    Affected Products : a3002ru_firmware a3002ru
    • EPSS Score: %15.30
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-17510

    D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizar...

    Affected Products : dir-846_firmware dir-846
    • EPSS Score: %6.20
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-0376

    The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.

    • EPSS Score: %1.20
    • Published: Feb. 25, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291274 Results