Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2013-0361

    Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff... Read more

    • EPSS Score: %2.95
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-4704

    Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.... Read more

    Affected Products : codesys_gateway-server
    • EPSS Score: %14.89
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2007-1421

    Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in include... Read more

    Affected Products : premod_subdog
    • EPSS Score: %4.69
    • Published: Mar. 13, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-0980

    Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obt... Read more

    • EPSS Score: %2.18
    • Published: Feb. 16, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2022-29326

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %1.50
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11940

    Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QC... Read more

    • EPSS Score: %0.27
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-2261

    Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.... Read more

    Affected Products : wap54gv3
    • EPSS Score: %2.91
    • Published: Jun. 10, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2006-5912

    Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords.... Read more

    Affected Products : campsite
    • EPSS Score: %0.45
    • Published: Nov. 15, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-14115

    A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.... Read more

    Affected Products : ax3600_firmware ax3600
    • EPSS Score: %0.74
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-51419

    Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7. ... Read more

    Affected Products : bertha_ai
    • EPSS Score: %0.66
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-6099

    Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities.... Read more

    Affected Products : ingate_firewall ingate_siparator
    • EPSS Score: %1.07
    • Published: Nov. 22, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2013-0915

    The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow."... Read more

    Affected Products : chrome chrome_os
    • EPSS Score: %0.22
    • Published: Mar. 18, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-2361

    Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.... Read more

    Affected Products : winny
    • EPSS Score: %0.35
    • Published: Aug. 25, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-14528

    Invoxia NVX220 devices allow TELNET access as admin with a default password.... Read more

    Affected Products : nvx220_firmware nvx220
    • EPSS Score: %1.04
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-16737

    The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.... Read more

    • EPSS Score: %3.27
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-14268

    A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code ... Read more

    Affected Products : notes
    • EPSS Score: %1.67
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-7233

    GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for S... Read more

    Affected Products : precision_thunis-800\+
    • EPSS Score: %0.57
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-16523

    MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.... Read more

    • EPSS Score: %2.91
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-0546

    EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name.... Read more

    • EPSS Score: %3.41
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2006-1276

    admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie.... Read more

    Affected Products : php_simplenews
    • EPSS Score: %4.59
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291358 Results