Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2018-6692

    Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet....

    • EPSS Score: 0.96%
    • Published: Aug. 21, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-6973

    Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors....

    Affected Products : websphere_commerce
    • EPSS Score: 0.51%
    • Published: Aug. 13, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-6993

    Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information....

    Affected Products : gigaset_wlan_camera
    • EPSS Score: 0.79%
    • Published: Aug. 19, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-7004

    Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c....

    Affected Products : elog
    • EPSS Score: 0.41%
    • Published: Aug. 19, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-7218

    The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code...

    • EPSS Score: 6.19%
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-7297

    Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attacker...

    • EPSS Score: 48.57%
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-7664

    An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php....

    Affected Products : clipbucket
    • EPSS Score: 0.76%
    • Published: Mar. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-6068

    The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener ...

    Affected Products : codesys_runtime_system
    • EPSS Score: 4.38%
    • Published: Jan. 21, 2013
    • Modified: Jul. 02, 2025
  • 10.0

    CRITICAL
    CVE-2018-1000652

    JabRef version <=4.3.1 contains an XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable v...

    Affected Products : jabref
    • EPSS Score: 0.24%
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-8865

    In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)....

    Affected Products : ids_2102_firmware ids_2102
    • EPSS Score: 4.81%
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-0279

    Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 4.3 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS13 and (2) APPS14 in the Oracle iLearning component....

    Affected Products : e-business_suite
    • EPSS Score: 1.48%
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2006-0280

    Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01....

    Affected Products : peoplesoft_enterprise_portal
    • EPSS Score: 1.48%
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2018-11094

    An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/Export...

    Affected Products : ncloud_300_firmware ncloud_300
    • EPSS Score: 68.09%
    • Published: May. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-6315

    Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx....

    • EPSS Score: 9.43%
    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2018-11240

    An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main server...

    Affected Products : t-router_firmware t-router
    • EPSS Score: 0.61%
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-0345

    Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) ...

    Affected Products : fire_x2100_m2 fire_x2200_m2
    • EPSS Score: 2.30%
    • Published: Jan. 29, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-0492

    Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability."...

    Affected Products : simpleircbot
    • EPSS Score: 0.34%
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-11491

    ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution....

    Affected Products : hg100_firmware hg100
    • EPSS Score: 5.58%
    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-0620

    Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform con...

    • EPSS Score: 0.46%
    • Published: Feb. 26, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-11711

    A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that thi...

    • EPSS Score: 6.60%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results