Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2011-4768

    The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretat... Read more

    • EPSS Score: %1.75
    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-0240

    GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : advantech_webaccess
    • EPSS Score: %0.93
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-0545

    cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.... Read more

    Affected Products : zeroshell zeroshell
    • EPSS Score: %93.94
    • Published: Feb. 12, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2016-10461

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, SD 650/52, SD 808, SD 810, SD 820, and SDX20, lack of proper bounds checking may lead to a buffer overread.... Read more

    • EPSS Score: %0.22
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-11017

    The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection outpu... Read more

    Affected Products : network_monitor
    • EPSS Score: %19.44
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-11061

    Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthentica... Read more

    • EPSS Score: %3.01
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-1327

    Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935.... Read more

    • EPSS Score: %3.58
    • Published: Mar. 09, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1606

    Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName... Read more

    Affected Products : rumba
    • EPSS Score: %41.90
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1999

    The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.... Read more

    Affected Products : release_control
    • EPSS Score: %3.23
    • Published: May. 30, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2005-3462

    Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02.... Read more

    Affected Products : peoplesoft_enterprise
    • EPSS Score: %3.42
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1160

    FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).... Read more

    Affected Products : flexwatch_network_video_server
    • EPSS Score: %7.42
    • Published: Oct. 30, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0090

    Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.42
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0139

    Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack vectors.... Read more

    Affected Products : irix
    • EPSS Score: %0.43
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2014-8551

    The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via craft... Read more

    • EPSS Score: %5.81
    • Published: Nov. 26, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9134

    Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.... Read more

    • EPSS Score: %3.75
    • Published: Dec. 03, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5066

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.... Read more

    Affected Products : aleos_firmware gx_440
    • EPSS Score: %0.03
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-5081

    ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session.... Read more

    Affected Products : zp-ibh-13w zp-ne-14-s
    • EPSS Score: %0.88
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5365

    Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.... Read more

    Affected Products : honor_ws851_firmware honor_ws851
    • EPSS Score: %1.69
    • Published: Jun. 14, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9795

    app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android inte... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2004-0318

    Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.... Read more

    Affected Products : lsf
    • EPSS Score: %3.51
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291384 Results