Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-7897

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanner... Read more

    • EPSS Score: %28.81
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7893

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid ... Read more

    • EPSS Score: %30.08
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-19007

    In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.... Read more

    • EPSS Score: %0.49
    • Published: Dec. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-7891

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509.... Read more

    • EPSS Score: %30.08
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7890

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510.... Read more

    • EPSS Score: %30.08
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7888

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS prin... Read more

    • EPSS Score: %30.08
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2003-0272

    admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value.... Read more

    Affected Products : miniportal
    • EPSS Score: %0.95
    • Published: May. 27, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2014-5334

    FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.... Read more

    Affected Products : freenas
    • EPSS Score: %11.46
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-18843

    The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.25
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-4497

    Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %1.10
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-4393

    Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %6.09
    • Published: Sep. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-18753

    Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.... Read more

    Affected Products : typecho
    • EPSS Score: %2.59
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-4121

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted r... Read more

    Affected Products : .net_framework
    • EPSS Score: %42.52
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3913

    Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.... Read more

    Affected Products : accessnow_server
    • EPSS Score: %78.74
    • Published: Jun. 04, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3828

    Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.ph... Read more

    Affected Products : centreon centreon_enterprise_server
    • EPSS Score: %78.59
    • Published: Oct. 23, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3805

    The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.... Read more

    • EPSS Score: %41.18
    • Published: Jun. 13, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2018-18505

    An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created afte... Read more

    • EPSS Score: %3.72
    • Published: Feb. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-18471

    /api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who k... Read more

    Affected Products : hipserv lifecloud stora goflex_home
    • EPSS Score: %15.52
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-18473

    A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via t... Read more

    • EPSS Score: %7.00
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2866

    PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.... Read more

    Affected Products : commonspot_content_server
    • EPSS Score: %1.06
    • Published: Apr. 15, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292319 Results