Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-11017

    The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection outpu... Read more

    Affected Products : network_monitor
    • EPSS Score: %19.44
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-10927

    The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.... Read more

    Affected Products : nelio_ab_testing
    • EPSS Score: %0.45
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-33045

    The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.... Read more

    • Actively Exploited
    • EPSS Score: %94.12
    • Published: Sep. 15, 2021
    • Modified: Feb. 24, 2025

  • 10.0

    HIGH
    CVE-2021-32802

    Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user... Read more

    Affected Products : nextcloud_server notes
    • EPSS Score: %2.25
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10855

    cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).... Read more

    Affected Products : cpanel
    • EPSS Score: %1.07
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10817

    cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.39
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-38999

    jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products :
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-22893

    Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform... Read more

    Affected Products : pulse_connect_secure connect_secure
    • Actively Exploited
    • EPSS Score: %93.51
    • Published: Apr. 23, 2021
    • Modified: Mar. 21, 2025

  • 10.0

    HIGH
    CVE-2021-1829

    A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • EPSS Score: %0.84
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-14917

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2021-1479

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about th... Read more

    • EPSS Score: %2.57
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10501

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615... Read more

    • EPSS Score: %0.26
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10494

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, S... Read more

    • EPSS Score: %0.23
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10478

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 617, incorrect size calculation in QCRIL SCWS processing have Integer overflow which will lead to a buffer overflow.... Read more

    Affected Products : android sd_617_firmware sd_617
    • EPSS Score: %0.23
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10480

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/5... Read more

    • EPSS Score: %0.26
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10485

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/S... Read more

    • EPSS Score: %0.23
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10479

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length valu... Read more

    • EPSS Score: %0.22
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10486

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, and SD 820A, PD failure reason string f... Read more

    • EPSS Score: %0.22
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8445

    In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitte... Read more

    Affected Products : ossec
    • EPSS Score: %0.99
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10498

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, S... Read more

    • EPSS Score: %0.38
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292495 Results