Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2019-0022

    Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.... Read more

    • EPSS Score: %0.41
    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-33194

    Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands t... Read more

    • EPSS Score: %0.32
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-3465

    Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.... Read more

    Affected Products : safe_at_office_500_utm
    • EPSS Score: %0.34
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2013-5400

    An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.... Read more

    Affected Products : platform_symphony
    • EPSS Score: %3.58
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-5290

    The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read acces... Read more

    Affected Products : coldfusion
    • EPSS Score: %1.82
    • Published: Sep. 20, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-11295

    An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : dng_converter
    • EPSS Score: %4.76
    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-12971

    BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type.... Read more

    • EPSS Score: %0.72
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-0452

    Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0451.... Read more

    Affected Products : goldengate
    • EPSS Score: %11.89
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2003-1361

    Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.... Read more

    • EPSS Score: %0.92
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2019-13197

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the ... Read more

    • EPSS Score: %0.26
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-18395

    Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.... Read more

    Affected Products : thingspro
    • EPSS Score: %0.36
    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-41653

    The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.... Read more

    Affected Products : tl-wr840n_firmware tl-wr840n
    • EPSS Score: %91.91
    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-20164

    Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-3629

    SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inform... Read more

    Affected Products : levent_veysi_portal
    • EPSS Score: %0.35
    • Published: Jul. 09, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-3060

    Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.... Read more

    • EPSS Score: %2.40
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2021-21913

    An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.... Read more

    Affected Products : dir-3040_firmware dir-3040
    • EPSS Score: %0.69
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6210

    D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.... Read more

    Affected Products : dir-620_firmware dir-620
    • EPSS Score: %1.40
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-0898

    Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... Read more

    Affected Products : secure_backup
    • EPSS Score: %2.52
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2016-0889

    An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.... Read more

    Affected Products : emc_unisphere unisphere
    • EPSS Score: %1.71
    • Published: Apr. 15, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2005-2286

    WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.... Read more

    Affected Products : webeoc
    • EPSS Score: %1.20
    • Published: Jul. 18, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291305 Results