Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2018-12313

    OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.

    Affected Products : data_master as602t
    • EPSS Score: %5.20
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11652

    CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

    Affected Products : nikto
    • EPSS Score: %20.10
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-1149

    cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

    Affected Products : nvrmini2_firmware nvrmini_2 nvrmini2
    • EPSS Score: %16.74
    • Published: Sep. 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-1085

    openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf resu...

    Affected Products : openshift_container_platform
    • EPSS Score: %1.48
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10661

    An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.

    • EPSS Score: %90.02
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10660

    An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.

    • EPSS Score: %89.32
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-1000861

    A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by ...

    • Actively Exploited
    • EPSS Score: %94.47
    • Published: Dec. 10, 2018
    • Modified: Mar. 14, 2025
  • 10.0

    HIGH
    CVE-2018-0310

    A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected...

    • EPSS Score: %3.40
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-0304

    A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code ...

    • EPSS Score: %2.40
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-0258

    A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affec...

    • EPSS Score: %30.70
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-0253

    A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted us...

    Affected Products : secure_access_control_system
    • EPSS Score: %4.51
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-0150

    A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credenti...

    • EPSS Score: %7.58
    • Published: Mar. 28, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-9232

    Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

    Affected Products : juju
    • EPSS Score: %76.53
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2006-3553

    PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php.

    Affected Products : planetnews
    • EPSS Score: %6.69
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2013-4685

    Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary c...

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +3 more products
    • EPSS Score: %9.37
    • Published: Jul. 11, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2017-8976

    A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

    • EPSS Score: %53.98
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-8975

    A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

    • EPSS Score: %53.98
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-8895

    In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attack...

    Affected Products : backup_exec
    • EPSS Score: %67.06
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-8858

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.

    Affected Products : netbackup_appliance netbackup
    • EPSS Score: %1.42
    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-8857

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.

    Affected Products : netbackup_appliance netbackup
    • EPSS Score: %3.01
    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291526 Results