Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2015-6490

    Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6476

    Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.... Read more

    • Published: Nov. 07, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-4862

    Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute a... Read more

    • Published: Dec. 25, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-4791

    DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.... Read more

    Affected Products : data_protector_media_operations
    • Published: Feb. 03, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-6473

    WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.... Read more

    • Published: Aug. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2020-8599

    Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit t... Read more

    Affected Products : apex_one officescan
    • Actively Exploited
    • Published: Mar. 18, 2020
    • Modified: Feb. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6459

    Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.... Read more

    Affected Products : mds_pulsenet
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-3544

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availa... Read more

    • Actively Exploited
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-8598

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges.... Read more

    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3089

    Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.... Read more

    Affected Products : chrome
    • Published: May. 16, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0742

    Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400.... Read more

    Affected Products : zenworks_handheld_management
    • Published: Feb. 02, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-6412

    Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.... Read more

    • Published: Jan. 22, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-0485

    Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."... Read more

    Affected Products : chrome chrome_os
    • Published: Jan. 14, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0266

    Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.... Read more

    Affected Products : openview_network_node_manager
    • Published: Jan. 13, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-8432

    In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced ... Read more

    Affected Products : leap u-boot
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-4508

    The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.... Read more

    Affected Products : firefox
    • Published: Dec. 09, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-4586

    The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508.... Read more

    Affected Products : opera_browser
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-8298

    fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.... Read more

    Affected Products : fs-path
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-2298

    browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions ... Read more

    Affected Products : linux_kernel chrome
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-1554

    Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.... Read more

    Affected Products : openview_network_node_manager
    • Published: May. 13, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 292795 Results