Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-16057

    The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.... Read more

    Affected Products : dns-320_firmware dns-320
    • Actively Exploited
    • EPSS Score: %94.05
    • Published: Sep. 16, 2019
    • Modified: Mar. 14, 2025

  • 10.0

    HIGH
    CVE-2019-15846

    Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.... Read more

    Affected Products : debian_linux exim
    • EPSS Score: %63.29
    • Published: Sep. 06, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-1580

    Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.... Read more

    Affected Products : pan-os
    • EPSS Score: %1.82
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-14931

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the... Read more

    • EPSS Score: %59.40
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-14930

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised acces... Read more

    • EPSS Score: %0.39
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10095

    bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.... Read more

    Affected Products : zeppelin
    • EPSS Score: %4.04
    • Published: Sep. 02, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-8476

    A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows... Read more

    • EPSS Score: %48.70
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-4939

    Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : coldfusion
    • Actively Exploited
    • EPSS Score: %85.53
    • Published: May. 19, 2018
    • Modified: Feb. 13, 2025

  • 10.0

    HIGH
    CVE-2018-4917

    Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the curr... Read more

    • EPSS Score: %3.41
    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-14649

    It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthentica... Read more

    • EPSS Score: %58.11
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-12815

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user... Read more

    • EPSS Score: %1.88
    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-1144

    A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.... Read more

    Affected Products : n750_firmware n750
    • EPSS Score: %30.12
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8948

    A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.... Read more

    Affected Products : network_node_manager_i
    • EPSS Score: %10.61
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-6360

    QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.... Read more

    Affected Products : qts
    • EPSS Score: %79.98
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3092

    Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the installer plugin. A successful exploitation could lead to ar... Read more

    Affected Products : digital_editions
    • EPSS Score: %13.72
    • Published: Jun. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3083

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : flash_player
    • EPSS Score: %1.68
    • Published: Jun. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-16820

    The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).... Read more

    Affected Products : collectd
    • EPSS Score: %3.34
    • Published: Nov. 14, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-14470

    An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in... Read more

    • EPSS Score: %42.56
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2017-14459

    An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject comman... Read more

    Affected Products : awk-3131a_firmware awk-3131a
    • EPSS Score: %20.60
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-1000469

    Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.... Read more

    Affected Products : cobbler cobbler
    • EPSS Score: %1.44
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291024 Results