Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-4521

    Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.... Read more

    • EPSS Score: %0.41
    • Published: May. 31, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2310

    General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration sett... Read more

    • EPSS Score: %0.23
    • Published: Jun. 09, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4328

    MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server.... Read more

    • EPSS Score: %0.43
    • Published: Jun. 10, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2496

    The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.... Read more

    Affected Products : android
    • EPSS Score: %0.31
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1395

    The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted ... Read more

    • EPSS Score: %1.56
    • Published: Jun. 19, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1289

    The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discoveri... Read more

    • EPSS Score: %6.31
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3747

    Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated b... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4520

    Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors.... Read more

    • EPSS Score: %2.71
    • Published: Jul. 15, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3487

    Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... Read more

    Affected Products : webcenter_sites
    • EPSS Score: %4.89
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3556

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to EM Integration.... Read more

    • EPSS Score: %2.56
    • Published: Jul. 21, 2016
    • Modified: May. 08, 2025

  • 10.0

    CRITICAL
    CVE-2022-2970

    MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.... Read more

    Affected Products : libiec61850
    • EPSS Score: %0.27
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-5670

    Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.... Read more

    • EPSS Score: %2.35
    • Published: Aug. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9902

    Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management ... Read more

    Affected Products : android
    • EPSS Score: %3.88
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5799

    Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.... Read more

    • EPSS Score: %0.59
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5678

    NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.... Read more

    Affected Products : nvrmini_2 nvrsolo
    • EPSS Score: %19.70
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-7109

    Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.... Read more

    Affected Products : uma
    • EPSS Score: %1.14
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2021-26729

    Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner In... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.36
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-26730

    A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.19
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-30541

    An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payloa... Read more

    • EPSS Score: %0.35
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-33189

    An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to tri... Read more

    • EPSS Score: %0.42
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290978 Results