Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2021-25387

    An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process....

    Affected Products : android dex
    • EPSS Score: 0.19%
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-1160

    webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782....

    Affected Products : webspell
    • EPSS Score: 0.98%
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-3722

    Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01....

    • EPSS Score: 3.57%
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2014-9993

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, ...

    • EPSS Score: 0.22%
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-3712

    SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors....

    • EPSS Score: 0.33%
    • Published: Feb. 26, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-11031

    application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request....

    Affected Products : phprap
    • EPSS Score: 0.80%
    • Published: May 14, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-7153

    PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter....

    Affected Products : forum
    • EPSS Score: 3.32%
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2022-31126

    Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file....

    Affected Products : roxy-wi
    • EPSS Score: 89.60%
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-5154

    An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account....

    Affected Products : s14_firmware s14
    • EPSS Score: 0.80%
    • Published: Feb. 09, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-1505

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2....

    Affected Products : lotus_quickr lotus_domino
    • EPSS Score: 1.33%
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-2020

    Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326....

    Affected Products : operations_agent
    • EPSS Score: 75.60%
    • Published: Jul. 11, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2021-0430

    In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not neede...

    Affected Products : android
    • EPSS Score: 0.77%
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-1826

    Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05....

    Affected Products : e-business_suite
    • EPSS Score: 1.14%
    • Published: Apr. 16, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1034

    SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI....

    Affected Products : tasklist
    • EPSS Score: 0.46%
    • Published: Mar. 20, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2017-13282

    In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitat...

    Affected Products : android
    • EPSS Score: 3.35%
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-3338

    Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions...

    Affected Products : database_server
    • EPSS Score: 19.96%
    • Published: Jun. 22, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-8584

    Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution....

    • EPSS Score: 6.40%
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-34084

    OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function....

    Affected Products : s3-uploader
    • EPSS Score: 15.12%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-31794

    An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject ...

    • EPSS Score: 13.27%
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-7364

    All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to exe...

    Affected Products : zxin10
    • EPSS Score: 8.62%
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results