Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2017-8404

    An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentia...

    Affected Products : dcs-1130_firmware dcs-1130
    • EPSS Score: 21.86%
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-8410

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the va...

    • EPSS Score: 2.92%
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-7274

    Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.

    Affected Products : enterprise proton
    • EPSS Score: 32.81%
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13294

    AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.

    Affected Products : school-erp
    • EPSS Score: 34.31%
    • Published: Jul. 04, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14494

    Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not app...

    Affected Products : fd8136_firmware fd8136
    • EPSS Score: 8.96%
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14495

    Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not caus...

    Affected Products : fd8136_firmware fd8136
    • EPSS Score: 18.80%
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12803

    In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote...

    Affected Products : i-onenet
    • EPSS Score: 0.36%
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13561

    D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter.

    Affected Products : dir-655_firmware dir-655
    • EPSS Score: 21.43%
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13598

    LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.

    Affected Products : vera_edge_firmware vera_edge
    • EPSS Score: 9.44%
    • Published: Jul. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-1010296

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

    Affected Products : op-tee
    • EPSS Score: 1.07%
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-1010297

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.

    Affected Products : op-tee
    • EPSS Score: 1.07%
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-6824

    A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.

    Affected Products : proclima
    • EPSS Score: 13.84%
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13624

    In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.

    Affected Products : onos
    • EPSS Score: 0.43%
    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-1917

    A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An att...

    Affected Products : vision_dynamic_signage_director
    • EPSS Score: 14.37%
    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12725

    Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vuln...

    Affected Products : zeroshell
    • EPSS Score: 94.09%
    • Published: Jul. 19, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13569

    A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

    • EPSS Score: 2.69%
    • Published: Jul. 19, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2307

    Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon M...

    • EPSS Score: 0.64%
    • Published: Jul. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2327

    Possible buffer overflow can occur when playing clip with incorrect element size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables ...

    • EPSS Score: 0.36%
    • Published: Jul. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14363

    A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.

    Affected Products : wndr3400v3_firmware wndr3400v3
    • EPSS Score: 1.30%
    • Published: Jul. 28, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-10855

    cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).

    Affected Products : cpanel
    • EPSS Score: 1.07%
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 290943 Results