Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-0857

    Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : webaccess advantech_webaccess
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2022-31795

    An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-na... Read more

    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-8362

    The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerab... Read more

    Affected Products : amx_firmware
    • Published: Jan. 22, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6319

    SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.... Read more

    • Published: Jan. 27, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2022-31230

    Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.... Read more

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-40643

    EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any ... Read more

    Affected Products : eyesofnetwork
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-2397

    The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.... Read more

    • Published: Feb. 17, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-8286

    Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.... Read more

    Affected Products : raysharp_firmware
    • Published: Feb. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2022-21744

    In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional execution privileges ne... Read more

    Affected Products : lr13 nr15 nr16 lr11 lr12 lr12a lr9 mt2735 mt6779 mt6781 +63 more products
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-41037

    In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-line used to start the application, injecting things like... Read more

    Affected Products : equinox_p2
    • Published: Jul. 08, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-0836

    Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590.... Read more

    Affected Products : android
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2416

    libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive informatio... Read more

    Affected Products : android
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4325

    Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.... Read more

    Affected Products : xprintserver_firmware
    • Published: May. 14, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2022-2634

    An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.... Read more

    • Published: Aug. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-4521

    Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.... Read more

    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2496

    The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.... Read more

    Affected Products : android
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1395

    The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted ... Read more

    • Published: Jun. 19, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1289

    The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discoveri... Read more

    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5799

    Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.... Read more

    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-7109

    Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.... Read more

    Affected Products : uma
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293360 Results