Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2018-19276

    OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.... Read more

    Affected Products : openmrs
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-0014

    Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9222

    AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.... Read more

    Affected Products : rompager
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-19063

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.... Read more

    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-19064

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which canno... Read more

    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-19047

    mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes t... Read more

    Affected Products : mpdf
    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-7897

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanner... Read more

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7893

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid ... Read more

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-19007

    In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.... Read more

    • Published: Dec. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-7891

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509.... Read more

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7890

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510.... Read more

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7888

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS prin... Read more

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2003-0272

    admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value.... Read more

    Affected Products : miniportal
    • Published: May. 27, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2014-5334

    FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.... Read more

    Affected Products : freenas
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-18843

    The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.... Read more

    Affected Products : gitlab
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-4497

    Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-4393

    Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Sep. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-18753

    Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.... Read more

    Affected Products : typecho
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-4121

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted r... Read more

    Affected Products : .net_framework
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3913

    Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.... Read more

    Affected Products : accessnow_server
    • Published: Jun. 04, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292796 Results