Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2015-9061

    In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-9067

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-2785

    An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execut... Read more

    Affected Products : popup
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-9072

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2010-0276

    IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack... Read more

    • Published: Jan. 09, 2010
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2011-0913

    Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache.... Read more

    Affected Products : lotus_domino
    • Published: Feb. 08, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-7158

    A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).... Read more

    Affected Products : intelligent_management_center
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-7745

    This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.... Read more

    Affected Products : mintegraladsdk
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-8950

    The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.... Read more

    Affected Products : h665_firmware h665
    • Published: Feb. 20, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-9863

    Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control... Read more

    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-1623

    Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET ses... Read more

    • Published: Jun. 02, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-13405

    A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay... Read more

    Affected Products : vd_1_firmware vd_1
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-0265

    An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus gran... Read more

    Affected Products : appformix
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-0838

    Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (me... Read more

    Affected Products : android
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-17153

    It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a pass... Read more

    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-2158

    The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/... Read more

    Affected Products : smarterstats
    • Published: May. 20, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-15137

    CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the ... Read more

    Affected Products : clr-m20_firmware clr-m20
    • Published: Aug. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-1965

    Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking... Read more

    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-7173

    Belkin n750 routers have a buffer overflow.... Read more

    Affected Products : n750_firmware n750
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-15477

    myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device.... Read more

    Affected Products : wifi_switch_firmware wifi_switch
    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293182 Results