Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2018-3590

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, a Use After Free condition can occur in RIL while hand...

    • EPSS Score: %0.26
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-5332

    Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e...

    Affected Products : pie
    • EPSS Score: %1.01
    • Published: Dec. 05, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-3779

    active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system....

    Affected Products : activesupport
    • EPSS Score: %8.90
    • Published: Aug. 10, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-18129

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be contro...

    • EPSS Score: %0.22
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-18135

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, in the Wireless Data Service (WDS) module, a buffer overflow can occur....

    • EPSS Score: %0.23
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-4023

    An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulti...

    • EPSS Score: %0.55
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-2237

    Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors....

    • EPSS Score: %0.42
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2018-5439

    A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges....

    Affected Products : emerge_e3_firmware emerge_e3
    • EPSS Score: %1.32
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-4702

    360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session....

    • EPSS Score: %3.86
    • Published: Mar. 11, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2015-4032

    projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors....

    Affected Products : netcharts_server
    • EPSS Score: %1.30
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2009-4509

    The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass ...

    • EPSS Score: %3.63
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2009-4594

    Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH....

    • EPSS Score: %0.43
    • Published: Jan. 09, 2010
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-5999

    An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails....

    Affected Products : asuswrt
    • EPSS Score: %90.79
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-5419

    Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests....

    Affected Products : control_center
    • EPSS Score: %24.24
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-6557

    cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command....

    Affected Products : webutil
    • EPSS Score: %2.18
    • Published: Mar. 30, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2017-9328

    Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root....

    Affected Products : terramaster_operating_system tos tos
    • EPSS Score: %6.21
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2008-6602

    Unspecified vulnerability in Download Center Lite before 2.1 has unknown impact and attack vectors related to "A minor security fix."...

    Affected Products : download_center_lite
    • EPSS Score: %0.34
    • Published: Apr. 03, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-4952

    Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors....

    Affected Products : typo3 dir_listing
    • EPSS Score: %0.54
    • Published: Jul. 22, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2017-3186

    ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials....

    Affected Products : camera_firmware
    • EPSS Score: %9.87
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2008-6904

    Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have bee...

    Affected Products : anti-virus anti-virus7.6.3
    • EPSS Score: %6.64
    • Published: Aug. 06, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 291384 Results