Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-9535

    A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vul... Read more

    Affected Products : iterm2
    • EPSS Score: %1.22
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-11526

    An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.... Read more

    Affected Products : uagate_si_firmware uagate_si
    • EPSS Score: %0.35
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-9533

    The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.... Read more

    Affected Products : explorer_710_firmware explorer_710
    • EPSS Score: %0.63
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-12941

    AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived ... Read more

    • EPSS Score: %0.45
    • Published: Oct. 14, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-13651

    TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5).... Read more

    Affected Products : m7350_firmware m7350
    • EPSS Score: %2.66
    • Published: Oct. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-13652

    TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5).... Read more

    Affected Products : m7350_firmware m7350
    • EPSS Score: %4.01
    • Published: Oct. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-13653

    TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5).... Read more

    Affected Products : m7350_firmware m7350
    • EPSS Score: %1.09
    • Published: Oct. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-4658

    Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share.... Read more

    Affected Products : ea6500_firmware ea6500
    • EPSS Score: %0.61
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-13553

    Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary ... Read more

    Affected Products : pcoweb_firmware chiller_sk_3232
    • EPSS Score: %0.18
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-5127

    A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in... Read more

    Affected Products : youphptube_encoder
    • EPSS Score: %93.07
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-5128

    A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in... Read more

    Affected Products : youphptube youphptube_encoder
    • EPSS Score: %90.29
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-14450

    A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can u... Read more

    Affected Products : repetier-server
    • EPSS Score: %47.49
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-5151

    An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could poten... Read more

    Affected Products : youphptube
    • EPSS Score: %0.37
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-4031

    An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and in... Read more

    Affected Products : smart_firewall
    • EPSS Score: %0.41
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-17212

    Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is pars... Read more

    Affected Products : mbed mbed
    • EPSS Score: %1.79
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-18189

    A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulne... Read more

    • EPSS Score: %0.60
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-4243

    linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.... Read more

    Affected Products : linux_kernel linux-vserver
    • EPSS Score: %0.37
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-4401

    Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.... Read more

    Affected Products : clearpass
    • EPSS Score: %0.47
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10541

    Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wea... Read more

    • EPSS Score: %0.30
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-2249

    Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking i... Read more

    • EPSS Score: %0.48
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 290954 Results