Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-11307

    Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables...

    • EPSS Score: %0.36
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-6725

    A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote co...

    Affected Products : android
    • EPSS Score: %3.06
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-11633

    The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges....

    Affected Products : client_connector
    • EPSS Score: %1.07
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-21820

    A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability....

    Affected Products : dir-3040_firmware dir-3040
    • EPSS Score: %2.00
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-5349

    Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnerability and gain administrative privileges....

    • EPSS Score: %0.36
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-22707

    A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prio...

    • EPSS Score: %90.00
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-22729

    A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior t...

    • EPSS Score: %0.35
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-3169

    An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets....

    Affected Products : jumpserver jumpserver
    • EPSS Score: %1.08
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-5341

    Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Da...

    • EPSS Score: %12.71
    • Published: Jul. 28, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-9965

    Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privi...

    Affected Products : samsung_mobile
    • EPSS Score: %0.49
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-9967

    Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privi...

    Affected Products : samsung_mobile
    • EPSS Score: %0.49
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2021-33527

    In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with th...

    Affected Products : mbdialup
    • EPSS Score: %6.38
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-37167

    An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the devic...

    • EPSS Score: %0.58
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-9223

    A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vu...

    Affected Products : cloudcenter_orchestrator
    • EPSS Score: %1.75
    • Published: Dec. 26, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2016-7457

    VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors....

    Affected Products : vrealize_operations
    • EPSS Score: %1.51
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-10108

    Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data....

    Affected Products : mycloud_nas
    • EPSS Score: %91.16
    • Published: Jan. 03, 2017
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-10115

    NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attack...

    • EPSS Score: %6.24
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-10126

    Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API ...

    Affected Products : splunk
    • EPSS Score: %1.37
    • Published: Jan. 10, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2021-35395

    Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based...

    • Actively Exploited
    • EPSS Score: %93.66
    • Published: Aug. 16, 2021
    • Modified: Aug. 13, 2025
  • 10.0

    HIGH
    CVE-2021-38306

    Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter....

    Affected Products : n1t1_firmware n1t1 n1t1dd1
    • EPSS Score: %31.59
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290979 Results