Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-6556

    cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command.... Read more

    Affected Products : webutil
    • Published: Mar. 30, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-0264

    Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors.... Read more

    Affected Products : systemcastwizard_lite
    • Published: Jan. 26, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-0243

    Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.... Read more

    Affected Products : advantech_webaccess
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2016-10495

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range.... Read more

    Affected Products : android mdm9635m_firmware mdm9635m
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-1896

    Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of t... Read more

    • Published: Jan. 27, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-7350

    Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important securit... Read more

    Affected Products : security_gateway
    • Published: Apr. 01, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2331

    The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.... Read more

    • Published: Apr. 25, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2428

    libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a de... Read more

    Affected Products : android
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2003-1496

    Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.... Read more

    Affected Products : tru64
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-3438

    Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materializ... Read more

    Affected Products : database_server
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2016-3877

    Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors.... Read more

    Affected Products : android
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4165

    The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input.... Read more

    Affected Products : brackets
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5228

    Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. ... Read more

    Affected Products : rumba
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-0640

    Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjun... Read more

    Affected Products : ghost_solutions_suite
    • Published: Feb. 08, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2016-6532

    DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.... Read more

    Affected Products : imaging_suite
    • Published: Sep. 24, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-7560

    The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.... Read more

    Affected Products : fortiwlc
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2050

    D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : dap-1320_firmware dap-1320
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-3235

    Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.... Read more

    Affected Products : websphere_application_server
    • Published: Jul. 21, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-6433

    gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.... Read more

    Affected Products : gopro_hero_firmware gopro_hero
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-2867

    A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.... Read more

    Affected Products : comfortlink_ii_firmware
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293309 Results