Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2019-14052

    'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Musi...

    • Published: Sep. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14083

    While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is specified in the attribute length field of extended SSI which can lead to integer underflow in Snapdragon Auto, Snapdragon C...

    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-25024

    OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter....

    Affected Products : openrepeater
    • Published: Feb. 19, 2021
    • Modified: Apr. 16, 2025
  • 10.0

    HIGH
    CVE-2019-14451

    RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configura...

    Affected Products : repetier-server
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-3416

    All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system....

    Affected Products : zxv10_b860a_firmware zxv10_b860a
    • Published: Sep. 23, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-7792

    Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors....

    Affected Products : cg-wlbargs_firmware
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2019-5485

    NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name....

    Affected Products : gitlabhook
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-16736

    A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user....

    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-17211

    An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_...

    Affected Products : mbed mbed
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-5367

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

    Affected Products : intelligent_management_center
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-3987

    The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB....

    Affected Products : password_manager
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2017-2126

    WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors....

    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2019-7214

    SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying ...

    Affected Products : smartermail
    • Published: Apr. 24, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-19994

    An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PH...

    Affected Products : visual_access_manager
    • Published: Feb. 26, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29602

    The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access wi...

    Affected Products : docker_image
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2097

    In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interactio...

    Affected Products : android
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-25848

    HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism....

    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0117

    In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitatio...

    Affected Products : android
    • Published: Jun. 10, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0225

    In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is n...

    Affected Products : android
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2016-4787

    Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors....

    Affected Products : pulse_connect_secure connect_secure
    • Published: May. 26, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293333 Results