Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-6277

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer r... Read more

    Affected Products : bash
    • Published: Sep. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2019-11469

    Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Acti... Read more

    • Published: Apr. 23, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-4488

    IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.... Read more

    Affected Products : mac_os_x iphone_os tvos
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-4486

    IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL... Read more

    Affected Products : mac_os_x iphone_os tvos
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2019-11399

    An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter.... Read more

    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-4227

    Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.... Read more

    Affected Products : jdk jre
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3413

    The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database acce... Read more

    Affected Products : junos_space junos_space
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-3176

    Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.... Read more

    Affected Products : chrome
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2019-11196

    An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exp... Read more

    • Published: Apr. 12, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-1553

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss... Read more

    • Published: Sep. 03, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1512

    Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering ... Read more

    • Published: Mar. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1377

    Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1359

    Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.... Read more

    Affected Products : mac_os_x iphone_os tvos
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2019-11061

    A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3... Read more

    Affected Products : hg100_firmware hg100
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-10959

    BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 a... Read more

    • Published: Jun. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10880

    Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authenticati... Read more

    • Published: Apr. 12, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10789

    All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.... Read more

    Affected Products : curling
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10774

    php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : php-shellcommand
    • Published: Dec. 30, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10892

    An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controll... Read more

    Affected Products : dir-806_firmware dir-806
    • Published: Sep. 06, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10661

    On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password.... Read more

    Affected Products : gxv3611ir_hd_firmware gxv3611ir_hd
    • Published: Mar. 30, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293508 Results