Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2015-6599

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.

    Affected Products : android
    • EPSS Score: 1.47%
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-6604

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.

    Affected Products : android
    • EPSS Score: 4.94%
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-6610

    libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.

    Affected Products : android
    • EPSS Score: 0.21%
    • Published: Nov. 03, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-8072

    mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulner...

    Affected Products : android
    • EPSS Score: 3.76%
    • Published: Nov. 03, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-5672

    TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.

    • EPSS Score: 1.77%
    • Published: Nov. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-19064

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which canno...

    • EPSS Score: 1.22%
    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-13338

    System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.

    Affected Products : terramaster_operating_system tos tos
    • EPSS Score: 12.49%
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-9556

    In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita...

    Affected Products : android
    • EPSS Score: 1.16%
    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11905

    In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, possible buffer overflow in WLAN function due to lack of input validation in values received from firmware.

    Affected Products : android
    • EPSS Score: 0.12%
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-10502

    While generating trusted application id, an integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 and SDA660.

    • EPSS Score: 0.64%
    • Published: Dec. 10, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10143

    The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.

    Affected Products : expedition
    • EPSS Score: 26.59%
    • Published: Dec. 12, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-13816

    A vulnerability has been identified in TIM 1531 IRC (All versions < V2.0). The devices were missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the af...

    Affected Products : tim_1531_irc_firmware tim_1531_irc
    • EPSS Score: 2.92%
    • Published: Dec. 12, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-1000820

    neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains an XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to ha...

    • EPSS Score: 0.26%
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-1000823

    exist version <= 5.0.0-RC4 contains an XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in disclosure of confidential data, denial of service, SSRF, port scanning.

    Affected Products : exist
    • EPSS Score: 0.24%
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-1000835

    KeePassDX version <= 2.5.0.0beta17 contains an XML External Entity (XXE) vulnerability in kdbx file parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning.

    Affected Products : keepass_dx
    • EPSS Score: 0.24%
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-1000625

    Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system.

    Affected Products : v2i_hub
    • EPSS Score: 0.31%
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-6342

    react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the...

    Affected Products : windows react-dev-utils
    • EPSS Score: 0.79%
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025
  • 10.0

    CRITICAL
    CVE-2019-0020

    Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.

    • EPSS Score: 0.41%
    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2015-9280

    MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

    Affected Products : mailenable
    • EPSS Score: 0.26%
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-5915

    Exception in Modem IP stack while processing IPv6 packet in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD...

    • EPSS Score: 0.22%
    • Published: Jan. 18, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 290940 Results