Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-1392

    Unspecified vulnerability in the Dolphin Browser HD (mobi.mgeek.TunnyBrowser) application 6.2.0, 7.2.1, 7.3.0, and 7.4.0 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android dolphin_browser_hd
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-14322

    The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a s... Read more

    Affected Products : email_marketer
    • EPSS Score: %18.80
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3198

    GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.... Read more

    • EPSS Score: %0.27
    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-4548

    The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by ... Read more

    Affected Products : geronimo
    • EPSS Score: %0.75
    • Published: Aug. 27, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2004-1483

    Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact.... Read more

    Affected Products : clientless_vpn_gateway_4400
    • EPSS Score: %3.04
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-1690

    WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: s... Read more

    Affected Products : slmail_pro
    • EPSS Score: %15.78
    • Published: Apr. 07, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-19864

    NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.... Read more

    Affected Products : nvrmini2_firmware nvrmini_2
    • EPSS Score: %35.53
    • Published: Dec. 05, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-15293

    Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.... Read more

    Affected Products : point_of_sale_xpress_server
    • EPSS Score: %0.60
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2012-1401

    Unspecified vulnerability in the CamScanner (com.intsig.camscanner) application 1.2.2.20110823 and 1.3.2.20120116 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android camscanner
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-3873

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 210487... Read more

    Affected Products : android
    • EPSS Score: %1.04
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-21025

    In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.... Read more

    Affected Products : centreon centreon_vm
    • EPSS Score: %0.22
    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-21052

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018... Read more

    Affected Products : android
    • EPSS Score: %0.20
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-3253

    Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a c... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %30.96
    • Published: Aug. 30, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-16934

    The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a cha... Read more

    Affected Products : web_server
    • EPSS Score: %21.81
    • Published: Nov. 24, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-6079

    The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, ... Read more

    • EPSS Score: %32.22
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2008-5066

    PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.... Read more

    Affected Products : themesitescript
    • EPSS Score: %1.20
    • Published: Nov. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-8236

    Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.... Read more

    Affected Products : eos
    • EPSS Score: %6.02
    • Published: Nov. 19, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-5120

    Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.... Read more

    Affected Products : openvms
    • EPSS Score: %9.41
    • Published: Nov. 18, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2004-1257

    Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to execute arbitrary code via crafted ABC files.... Read more

    Affected Products : abc2mtex
    • EPSS Score: %5.15
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-3589

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer... Read more

    • EPSS Score: %0.23
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results