Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-6287

    The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.... Read more

    Affected Products : http_file_server
    • Actively Exploited
    • EPSS Score: %94.31
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7205

    Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.... Read more

    Affected Products : bassmaster
    • EPSS Score: %84.24
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8656

    The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to... Read more

    • EPSS Score: %16.43
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7247

    Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to... Read more

    Affected Products : ichitaro ichitaro_pro
    • EPSS Score: %6.02
    • Published: Nov. 26, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9188

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be ... Read more

    Affected Products : proclima
    • EPSS Score: %9.12
    • Published: Dec. 27, 2014
    • Modified: Jul. 24, 2025

  • 10.0

    HIGH
    CVE-2013-2603

    The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a ... Read more

    Affected Products : realarcade_installer
    • EPSS Score: %13.71
    • Published: Jan. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1311

    The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ... Read more

    • EPSS Score: %1.70
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1449

    Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware... Read more

    • EPSS Score: %7.56
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8385

    Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %1.22
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-5428

    Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Autom... Read more

    • EPSS Score: %2.65
    • Published: Mar. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2786

    Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders."... Read more

    Affected Products : mybb
    • EPSS Score: %0.38
    • Published: Mar. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0932

    The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write... Read more

    • EPSS Score: %0.77
    • Published: Apr. 05, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3459

    The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.... Read more

    • EPSS Score: %13.86
    • Published: Apr. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3435

    Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.... Read more

    Affected Products : samsung_security_manager
    • EPSS Score: %7.62
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0701

    Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.... Read more

    • EPSS Score: %1.07
    • Published: May. 07, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2844

    The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.... Read more

    Affected Products : goadmin_ce
    • EPSS Score: %39.14
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1902

    Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.... Read more

    Affected Products : domino
    • EPSS Score: %34.02
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1903

    Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.... Read more

    Affected Products : domino
    • EPSS Score: %34.02
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3036

    Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long co... Read more

    Affected Products : netusb
    • EPSS Score: %72.26
    • Published: May. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4059

    Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header.... Read more

    Affected Products : terminal_emulation
    • EPSS Score: %11.63
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290918 Results