Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2019-7297

    An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomo...

    Affected Products : dir-823g_firmware dir-823g
    • EPSS Score: %21.27
    • Published: Jan. 31, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-0961

    EMC DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface....

    Affected Products : diskxtender
    • EPSS Score: %2.28
    • Published: Apr. 14, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-3653

    Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors....

    Affected Products : tikiwiki_cms/groupware
    • EPSS Score: %0.33
    • Published: Aug. 13, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2018-18815

    The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Anal...

    • EPSS Score: %0.30
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-9118

    An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attacker...

    Affected Products : m2_firmware c1_firmware m2 c1
    • EPSS Score: %9.27
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-1723

    A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privilege...

    • EPSS Score: %25.49
    • Published: Mar. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-9119

    An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attacker...

    Affected Products : m2_firmware c1_firmware m2 c1
    • EPSS Score: %9.27
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-19276

    OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body....

    Affected Products : openmrs
    • EPSS Score: %91.89
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-19524

    An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (se...

    • EPSS Score: %21.20
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-3953

    Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and ...

    • EPSS Score: %0.25
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-3954

    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could...

    • EPSS Score: %0.54
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-3956

    Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from...

    • EPSS Score: %0.24
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-9189

    Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memor...

    Affected Products : experion_process_knowledge_system
    • EPSS Score: %1.71
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-8023

    EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary ...

    Affected Products : networker emc_networker
    • EPSS Score: %17.99
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-19275

    The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality,...

    Affected Products : cmg_suite inattend
    • EPSS Score: %3.10
    • Published: Apr. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-18068

    The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host proces...

    • EPSS Score: %1.92
    • Published: Apr. 04, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-10479

    An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface....

    Affected Products : rbw-100_firmware rbw-100
    • EPSS Score: %2.95
    • Published: Apr. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11014

    The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client loo...

    Affected Products : eye4
    • EPSS Score: %0.76
    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-19300

    On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) ...

    • EPSS Score: %20.75
    • Published: Apr. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-10880

    Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authenticati...

    • EPSS Score: %4.98
    • Published: Apr. 12, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 290940 Results