Latest CVE Feed
-
10.0
HIGHCVE-2016-1989
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.... Read more
Affected Products : network_automation- Published: Mar. 15, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2022-31800
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.... Read more
- Published: Jun. 21, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2016-1662
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unsp... Read more
- Published: May. 14, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2016-1642
Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more
Affected Products : chrome- Published: Mar. 06, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2016-1629
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.... Read more
- Published: Feb. 21, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2016-1560
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or ... Read more
Affected Products : ex3000_firmware ex5000_firmware ex7000_firmware ex10000e_firmware ex13000e_firmware ex21000e_firmware ex32000e_firmware ex40000e_firmware ex3000 ex5000 +6 more products- Published: Apr. 21, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2016-1555
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute... Read more
Affected Products : wnap320_firmware wn604_firmware wndap660_firmware wndap350_firmware wndap360_firmware wndap210v2_firmware wn802tv2_firmware wnap320 wndap350 wndap360 +4 more products- Actively Exploited
- Published: Apr. 21, 2017
- Modified: Apr. 20, 2025
-
10.0
CRITICALCVE-2016-1505
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.... Read more
- Published: Feb. 03, 2016
- Modified: Apr. 12, 2025
-
10.0
CRITICALCVE-2024-39911
1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this ... Read more
Affected Products : 1panel- Published: Jul. 18, 2024
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-24292
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.... Read more
Affected Products : laserjet_pro_m304-m305_w1a46a_firmware laserjet_pro_m304-m305_w1a47a_firmware laserjet_pro_m304-m305_w1a48a_firmware laserjet_pro_m304-m305_w1a66a_firmware laserjet_pro_m404-m405_93m22a_firmware laserjet_pro_m453-m454_w1y40a_firmware laserjet_pro_m453-m454_w1y41a_firmware laserjet_pro_m453-m454_w1y43a_firmware laserjet_pro_m453-m454_w1y44a_firmware laserjet_pro_m453-m454_w1y45a_firmware +126 more products- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2016-1503
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of servic... Read more
- Published: Apr. 18, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2022-2274
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will h... Read more
Affected Products : h410c_firmware snapcenter openssl h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s h410s h500s +2 more products- Published: Jul. 01, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2017-14021
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G ve... Read more
- Published: Nov. 01, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2016-1453
Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.... Read more
- Published: Oct. 06, 2016
- Modified: Apr. 12, 2025
-
10.0
CRITICALCVE-2024-39791
Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.... Read more
Affected Products : var1200-h_firmware var1200-h var1200-l_firmware var1200-l var600-h_firmware var600-h vap11ac_firmware vap11ac vap11g-500s_firmware vap11g-500s +18 more products- Published: Aug. 12, 2024
- Modified: Aug. 20, 2024
-
10.0
HIGHCVE-2016-1416
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.... Read more
Affected Products : prime_collaboration_provisioning- Published: Jul. 02, 2016
- Modified: Apr. 12, 2025
-
10.0
CRITICALCVE-2024-39761
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP req... Read more
- Published: Jan. 14, 2025
- Modified: Aug. 22, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2016-1343
The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML Ex... Read more
Affected Products : information_server- Published: Apr. 30, 2016
- Modified: Apr. 12, 2025
-
10.0
CRITICALCVE-2024-39759
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP req... Read more
- Published: Jan. 14, 2025
- Modified: Aug. 22, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2024-39754
A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.... Read more
- Published: Jan. 14, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Authentication