Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-1987

    The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %4.40
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9981

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot.... Read more

    Affected Products : android
    • EPSS Score: %0.25
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-2279

    cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_... Read more

    • EPSS Score: %42.16
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2008-0027

    Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote at... Read more

    • EPSS Score: %39.72
    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2000-0449

    Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields.... Read more

    Affected Products : studio
    • EPSS Score: %1.54
    • Published: May. 01, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2016-10490

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/... Read more

    • EPSS Score: %0.23
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-3155

    Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.... Read more

    Affected Products : egroupware
    • EPSS Score: %1.18
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-13292

    In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Produ... Read more

    Affected Products : android
    • EPSS Score: %2.24
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-8484

    An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575.... Read more

    Affected Products : android
    • EPSS Score: %0.58
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-12327

    Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed.... Read more

    Affected Products : sp-r50p_firmware sp-r50p
    • EPSS Score: %0.82
    • Published: Jul. 22, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-9156

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD ... Read more

    • EPSS Score: %0.23
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-1999-0702

    Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %35.85
    • Published: Sep. 10, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2007-3270

    PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter.... Read more

    Affected Products : phpmyinventory
    • EPSS Score: %3.16
    • Published: Jun. 19, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-1999-0967

    Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.... Read more

    • EPSS Score: %17.92
    • Published: Nov. 01, 1997
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2012-4886

    Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.... Read more

    Affected Products : office_2012
    • EPSS Score: %60.22
    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-3608

    The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote auth... Read more

    • EPSS Score: %3.08
    • Published: Sep. 08, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2019-0022

    Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.... Read more

    • EPSS Score: %0.41
    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-33194

    Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands t... Read more

    • EPSS Score: %0.32
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-3465

    Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.... Read more

    Affected Products : safe_at_office_500_utm
    • EPSS Score: %0.34
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2013-5400

    An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.... Read more

    Affected Products : platform_symphony
    • EPSS Score: %3.58
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 291419 Results