Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-1393

    Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.... Read more

    Affected Products : plone plone_cms
    • EPSS Score: %1.67
    • Published: Mar. 20, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-14127

    Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.... Read more

    Affected Products : td5336_firmware td5336
    • EPSS Score: %13.50
    • Published: Sep. 04, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-2882

    Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a ... Read more

    Affected Products : in.sight_b120\\37
    • EPSS Score: %0.99
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2004-1214

    Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text.... Read more

    Affected Products : kreed
    • EPSS Score: %5.89
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1227

    Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index... Read more

    Affected Products : sugar_sales
    • EPSS Score: %3.53
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-3225

    Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."... Read more

    Affected Products : joomla
    • EPSS Score: %0.03
    • Published: Jul. 18, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2004-1254

    WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow.... Read more

    Affected Products : winrar
    • EPSS Score: %5.20
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2012-1480

    Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application 1.97, 2.01, and 2.07 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android pansi_sms
    • EPSS Score: %0.33
    • Published: Mar. 14, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2004-1258

    Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via crafted ABC files.... Read more

    Affected Products : abcm2ps
    • EPSS Score: %4.90
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2016-0803

    libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large... Read more

    Affected Products : android
    • EPSS Score: %1.22
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-1491

    Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.... Read more

    Affected Products : remote_console
    • EPSS Score: %86.69
    • Published: Mar. 25, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2002-1686

    Buffer overflow in lscfg of unknown versions of AIX has unknown impact.... Read more

    Affected Products : aix
    • EPSS Score: %0.50
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1303

    Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses.... Read more

    Affected Products : yanf
    • EPSS Score: %3.65
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2015-3832

    Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538.... Read more

    Affected Products : android
    • EPSS Score: %6.83
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-10308

    Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to t... Read more

    • EPSS Score: %2.10
    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10343

    In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10384

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl.... Read more

    Affected Products : android
    • EPSS Score: %0.25
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10460

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 835, SD 845, and SD 850, vendor specific opcodes may not have any packet length validation leading to buffer over-reads.... Read more

    • EPSS Score: %0.22
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10480

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/5... Read more

    • EPSS Score: %0.26
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2004-1390

    Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscript, (6) retries, (7) timeout, (8) scriptdetach, (9) noscr... Read more

    Affected Products : rtos rtp
    • EPSS Score: %9.60
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291358 Results