Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2019-9160

    WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password con...

    • EPSS Score: 1.82%
    • Published: Apr. 18, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11448

    An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently ...

    • EPSS Score: 22.68%
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-19442

    A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/[robot_serial]/m...

    • EPSS Score: 18.24%
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-18369

    The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and ...

    Affected Products : 5200w-t_firmware 5200w-t
    • EPSS Score: 87.54%
    • Published: May. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-15128

    An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets....

    Affected Products : group_series hdx pano
    • EPSS Score: 1.55%
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-19987

    D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPoint...

    • EPSS Score: 81.83%
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-19986

    In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in ...

    • EPSS Score: 54.88%
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-4018

    An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An at...

    • EPSS Score: 0.43%
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-4029

    An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to me...

    • EPSS Score: 0.61%
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12301

    The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2....

    Affected Products : percona_server
    • EPSS Score: 0.30%
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11937

    Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU...

    • EPSS Score: 0.27%
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2245

    Possible integer underflow can happen when calculating length of elementary stream map from invalid packet length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapd...

    • EPSS Score: 0.33%
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-1999-0640

    The Gopher service is running....

    Affected Products :
    • EPSS Score: 0.48%
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2019-12165

    MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful expl...

    • EPSS Score: 0.78%
    • Published: May. 29, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-9891

    The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo....

    Affected Products : advanced_bash-scripting_guide
    • EPSS Score: 0.74%
    • Published: May. 31, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-6725

    The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be ...

    Affected Products : p-660hn-t1_firmware p-660hn-t1
    • EPSS Score: 0.44%
    • Published: May. 31, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-14853

    The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid out...

    Affected Products : siteomat
    • EPSS Score: 2.18%
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11944

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

    Affected Products : intelligent_management_center
    • EPSS Score: 33.04%
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11945

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

    Affected Products : intelligent_management_center
    • EPSS Score: 62.70%
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-5352

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

    Affected Products : intelligent_management_center
    • EPSS Score: 19.03%
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 290943 Results