Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2015-1896

    Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows remote attackers to execute arbitrary code via unspecified vectors.

    Affected Products : tivoli_storage_manager_fastback
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-19528

    TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.

    Affected Products : tl-wr886n_firmware tl-wr886n
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2003-0288

    Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file.

    Affected Products : ip_messenger
    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2018-19276

    OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.

    Affected Products : openmrs
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-0014

    Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code...

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-14324

    The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipu...

    Affected Products : glassfish_server
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-9222

    AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.

    Affected Products : rompager
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-19063

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.

    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-19064

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which canno...

    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-19047

    mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes t...

    Affected Products : mpdf
    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-7897

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanner...

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-7893

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid ...

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-19007

    In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.

    • Published: Dec. 14, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-7891

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509.

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-7890

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510.

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-7888

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS prin...

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2003-0272

    admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value.

    Affected Products : miniportal
    • Published: May. 27, 2003
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2014-5334

    FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.

    Affected Products : freenas
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-18843

    The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.

    Affected Products : gitlab
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-4497

    Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.

    Affected Products : mac_os_x mac_os_x
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293509 Results