Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2019-14086

    Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can lead to unexpected result during the check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Conn...

    • EPSS Score: %0.33
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14095

    Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value specified in BT-specification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consume...

    • EPSS Score: %0.38
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14098

    Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon In...

    • EPSS Score: %0.36
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2311

    Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdra...

    • EPSS Score: %0.36
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-1634

    SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO....

    Affected Products : advanced_newsletter
    • EPSS Score: %0.10
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2016-6918

    Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (...

    Affected Products : markvision_enterprise
    • EPSS Score: %1.10
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-10992

    In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461....

    Affected Products : storage_essentials
    • EPSS Score: %2.86
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-7589

    A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech En...

    Affected Products : kantech_entrapass entrapass
    • EPSS Score: %0.27
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13168

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially exec...

    Affected Products : phaser_3320_firmware phaser_3320
    • EPSS Score: %1.02
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13169

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device....

    Affected Products : phaser_3320_firmware phaser_3320
    • EPSS Score: %1.53
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13172

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device....

    Affected Products : phaser_3320_firmware phaser_3320
    • EPSS Score: %1.86
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13192

    Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device....

    • EPSS Score: %3.85
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13201

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially ex...

    • EPSS Score: %0.17
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13202

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attac...

    • EPSS Score: %0.21
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9423

    LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, su...

    Affected Products : logicaldoc
    • EPSS Score: %1.48
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12128

    In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) ...

    Affected Products : open_network_automation_platform
    • EPSS Score: %0.43
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13171

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the de...

    Affected Products : phaser_3320_firmware phaser_3320
    • EPSS Score: %1.84
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12129

    In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM)...

    Affected Products : open_network_automation_platform
    • EPSS Score: %0.43
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12130

    In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM)...

    Affected Products : open_network_automation_platform
    • EPSS Score: %0.43
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-16072

    An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an ...

    • EPSS Score: %22.16
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024