Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2018-17932

    JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.

    Affected Products : k-800_firmware k-800
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-0513

    Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and 16.2.x before 16.2.2 allows remote attackers to execute arbitrary code via unspecified vectors.

    Affected Products : illustrator
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-17914

    InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the Indu...

    • Published: Nov. 02, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2003-0196

    Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2018-17565

    Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.

    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-17532

    Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute a...

    • Published: Oct. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2003-0170

    Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.

    Affected Products : aix
    • Published: Mar. 29, 2004
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2013-5558

    The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID CSCuj17238...

    • Published: Nov. 08, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-5327

    MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

    Affected Products : robohelp
    • Published: Oct. 09, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-5033

    Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034.

    Affected Products : atmail
    • Published: Jan. 12, 2014
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-5032

    Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034.

    Affected Products : atmail
    • Published: Jan. 12, 2014
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-4841

    Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509.

    • Published: Feb. 26, 2014
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-4810

    HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, ...

    • Actively Exploited
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-4785

    The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the ve...

    Affected Products : idrac6_firmware idrac6_firmware
    • Published: Jul. 08, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-4782

    The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

    Affected Products : bmc
    • Published: Jul. 08, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-4735

    The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network.

    Affected Products : dasdec_eas r189_one-net_eas
    • Published: Jun. 30, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2018-17157

    In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to ex...

    Affected Products : freebsd
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-4437

    Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."

    Affected Products : salt
    • Published: Nov. 05, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-4265

    The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.

    Affected Products : ffmpeg
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2018-17063

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters...

    Affected Products : dir-816_a2_firmware dir-816_a2
    • Published: Sep. 15, 2018
    • Modified: Nov. 21, 2024