Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-7456

    VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.... Read more

    Affected Products : vsphere_data_protection
    • EPSS Score: %82.12
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-20841

    HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.... Read more

    • EPSS Score: %34.12
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2003-0453

    traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overfl... Read more

    Affected Products : traceroute-nanog
    • EPSS Score: %1.13
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0431

    The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.... Read more

    Affected Products : linux ethereal
    • EPSS Score: %0.55
    • Published: Jul. 24, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2016-4256

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-42... Read more

    Affected Products : digital_editions
    • EPSS Score: %1.92
    • Published: Sep. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2024-5171

    Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflo... Read more

    Affected Products : libaom
    • Published: Jun. 05, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-3642

    The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.... Read more

    Affected Products : virtualization_manager
    • EPSS Score: %22.38
    • Published: Jun. 17, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3613

    Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL.... Read more

    Affected Products : secure_global_desktop
    • EPSS Score: %5.24
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3607

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.... Read more

    Affected Products : glassfish_server
    • EPSS Score: %4.59
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3266

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted... Read more

    • EPSS Score: %10.12
    • Published: Oct. 14, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-20334

    An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get sh... Read more

    • EPSS Score: %3.70
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-20218

    An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform comman... Read more

    • EPSS Score: %36.86
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-2385

    Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arb... Read more

    Affected Products : debian_linux kamailio
    • EPSS Score: %25.30
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2006

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.... Read more

    Affected Products : data_protector
    • EPSS Score: %40.63
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2005

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.... Read more

    Affected Products : data_protector
    • EPSS Score: %40.63
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2003-0432

    Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.... Read more

    Affected Products : linux ethereal
    • EPSS Score: %0.55
    • Published: Jul. 24, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-20114

    On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of ... Read more

    • EPSS Score: %8.60
    • Published: Jan. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-20122

    The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code executi... Read more

    Affected Products : fastgate_firmware fastgate
    • EPSS Score: %5.91
    • Published: Feb. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-1741

    The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %17.31
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1580

    The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap... Read more

    Affected Products : ubuntu_linux ubuntu-core-launcher
    • EPSS Score: %1.65
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292288 Results