Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-0430

    In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not neede... Read more

    Affected Products : android
    • EPSS Score: %0.77
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-1826

    Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %1.14
    • Published: Apr. 16, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1034

    SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.... Read more

    Affected Products : tasklist
    • EPSS Score: %0.46
    • Published: Mar. 20, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-13282

    In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • EPSS Score: %3.35
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-3338

    Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions... Read more

    Affected Products : database_server
    • EPSS Score: %19.96
    • Published: Jun. 22, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-8584

    Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.... Read more

    • EPSS Score: %6.40
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-34084

    OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.... Read more

    Affected Products : s3-uploader
    • EPSS Score: %15.12
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-31794

    An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject ... Read more

    • EPSS Score: %13.27
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-7364

    All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to exe... Read more

    Affected Products : zxin10
    • EPSS Score: %8.62
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-8899

    There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer... Read more

    Affected Products : android
    • EPSS Score: %17.83
    • Published: May. 06, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-7689

    A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.... Read more

    • EPSS Score: %3.22
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2011-1563

    Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On_FC_C... Read more

    Affected Products : realwin
    • EPSS Score: %58.36
    • Published: Apr. 05, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-38393

    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agi... Read more

    Affected Products : diaenergie
    • EPSS Score: %1.65
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-35003

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists withi... Read more

    Affected Products : archer_c90_firmware archer_c90
    • EPSS Score: %10.63
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11196

    u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Sna... Read more

    • EPSS Score: %0.36
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13997

    A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script... Read more

    • EPSS Score: %1.59
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-13995

    An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pa... Read more

    Affected Products : ininet_webserver
    • EPSS Score: %1.60
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-14002

    GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain ac... Read more

    • EPSS Score: %15.38
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-27113

    An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.... Read more

    • EPSS Score: %28.61
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-31474

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds... Read more

    Affected Products : network_performance_monitor
    • EPSS Score: %53.63
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291058 Results