Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2016-8437

    Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695....

    Affected Products: android linux_kernel
    • EPSS Score: 0.55%
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2014-9183

    ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges....

    Affected Products: zxdsl
    • EPSS Score: 5.17%
    • Published: Dec. 02, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-0940

    Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary ...

    • EPSS Score: 2.03%
    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2017-6044

    An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a r...

    • EPSS Score: 7.69%
    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-9629

    A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbit...

    Affected Products: wonderware_archestra_logger
    • EPSS Score: 19.42%
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2008-7197

    Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors....

    Affected Products: g15daemon
    • EPSS Score: 0.34%
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-8840

    A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote...

    • EPSS Score: 35.27%
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-7649

    The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user cred...

    Affected Products: kura
    • EPSS Score: 0.37%
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2008-4731

    Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown impact and attack vectors....

    Affected Products: yacy
    • EPSS Score: 0.37%
    • Published: Oct. 24, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2016-2362

    Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection....

    Affected Products: fonality
    • EPSS Score: 0.89%
    • Published: Jun. 20, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-1216

    A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for ...

    • EPSS Score: 26.14%
    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-2720

    Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-20...

    Affected Products: acrobat acrobat_reader
    • EPSS Score: 13.75%
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2009-4024

    Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter...

    Affected Products: pear pear
    • EPSS Score: 2.81%
    • Published: Nov. 29, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2015-7641

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0....

    • EPSS Score: 9.68%
    • Published: Oct. 18, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2011-0496

    Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "d...

    • EPSS Score: 11.61%
    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2016-5118

    The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename....

    • EPSS Score: 35.42%
    • Published: Jun. 10, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2019-7003

    A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Contro...

    Affected Products: control_manager
    • EPSS Score: 1.15%
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9054

    Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NA...

    • Actively Exploited
    • EPSS Score: 94.31%
    • Published: Mar. 04, 2020
    • Modified: Mar. 21, 2025
  • 10.0

    HIGH
    CVE-2016-6138

    Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591....

    Affected Products: trex
    • EPSS Score: 20.32%
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-15610

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When par...

    Affected Products: webpanel
    • EPSS Score: 2.07%
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291401 Results