Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2009-1058

    Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. NOTE: it is possible that this overlaps CVE-2005-3317. NOTE: CVE has not investigated whether the spec...

    Affected Products : zipgenius
    • EPSS Score: 5.12%
    • Published: Mar. 24, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2010-1608

    Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this dis...

    Affected Products : lotus_notes notes
    • EPSS Score: 12.87%
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-11196

    An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exp...

    • EPSS Score: 10.22%
    • Published: Apr. 12, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-1314

    body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension....

    Affected Products : web_file_explorer
    • EPSS Score: 3.48%
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2019-11535

    Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond th...

    • EPSS Score: 3.36%
    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11536

    Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with ...

    Affected Products : sync3000_firmware sync3000
    • EPSS Score: 0.38%
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-12153

    Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content....

    Affected Products : pdfreactor
    • EPSS Score: 0.36%
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-2343

    Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements....

    Affected Products : eaglesoft
    • EPSS Score: 0.76%
    • Published: Apr. 01, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2019-12776

    An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and reloc...

    • EPSS Score: 1.04%
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-6575

    SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms ...

    Affected Products : android
    • EPSS Score: 18.58%
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2010-2468

    The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by ...

    Affected Products : netbox emerge_50 emerge_5000 eaccess
    • EPSS Score: 0.42%
    • Published: Jun. 25, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2009-2039

    Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders....

    Affected Products : oscommerce luottokunta
    • EPSS Score: 0.42%
    • Published: Jun. 12, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-2111

    Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter....

    Affected Products : db_top_sites
    • EPSS Score: 2.54%
    • Published: Jun. 18, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2018-1000831

    K9Mail version <= v5.600 contains an XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via malicious WebDAV ser...

    Affected Products : k-9_mail
    • EPSS Score: 0.24%
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14110

    Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maximum buffer size in case of SAP mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Elect...

    • EPSS Score: 0.36%
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14113

    Buffer overflow can occur in WLAN firmware while unwrapping data using CCMP cipher suite during parsing of EAPOL handshake frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Co...

    • EPSS Score: 0.43%
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10088

    Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725....

    Affected Products : uc-httpd
    • EPSS Score: 35.40%
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10369

    A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login....

    Affected Products : win_240_firmware win_240
    • EPSS Score: 0.38%
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-2093

    Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands....

    Affected Products : dolibarr_erp/crm
    • EPSS Score: 3.81%
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10997

    Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword....

    Affected Products : etereweb
    • EPSS Score: 0.64%
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291395 Results