Latest CVE Feed
-
10.0
HIGH CVE-2015-6600
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.
Affected Products : android
- Published: Oct. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
CRITICAL CVE-2023-25910
A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a databas...
- Published: Jun. 13, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2022-31137
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processi...
Affected Products : roxy-wi
- Published: Jul. 08, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-2324
When ADSP is compromised, the audio port index that's returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, S...
Affected Products : sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware mdm9150_firmware sd_675_firmware sdx24_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware +56 more products
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2016-10760
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.
Affected Products : swr-300a_firmware swr-300b_firmware swr-300c_firmware swr-300bg_firmware swr-300a swr-300b swr-300c swr-300bg
- Published: Jun. 11, 2019
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2015-2692
AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.
Affected Products : adblock
- Published: Jun. 08, 2017
- Modified: Apr. 20, 2025
-
10.0
CRITICAL CVE-2019-13411
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
- Published: Oct. 17, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-45496
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.
- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-2332
Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
Affected Products : sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware +82 more products
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2010-3038
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or ...
- Published: Nov. 22, 2010
- Modified: Apr. 11, 2025
-
10.0
HIGH CVE-2012-4708
Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.
Affected Products : codesys_gateway-server
- Published: Feb. 24, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGH CVE-2010-1518
Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via the item argument.
Affected Products : dldrv2_activex_control
- Published: Aug. 02, 2010
- Modified: Apr. 11, 2025
-
10.0
HIGH CVE-2017-11394
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-...
Affected Products : officescan
- Published: Aug. 03, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2018-16184
RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execu...
Affected Products : d2200_firmware d5500_firmware d5510_firmware d5520_firmware d6500_firmware d6510_firmware d7500_firmware d8400_firmware d2200 d5500 +6 more products
- Published: Jan. 09, 2019
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-40113
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with...
Affected Products : catalyst_pon_switch_cgp-ont-1p_firmware catalyst_pon_switch_cgp-ont-4p_firmware catalyst_pon_switch_cgp-ont-4pvc_firmware catalyst_pon_switch_cgp-ont-4tvcw_firmware catalyst_pon_switch_cgp-ont-4pv_firmware catalyst_pon_switch_cgp-ont-1p catalyst_pon_switch_cgp-ont-4p catalyst_pon_switch_cgp-ont-4pvc catalyst_pon_switch_cgp-ont-4tvcw catalyst_pon_switch_cgp-ont-4pv
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2023-3939
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact...
Affected Products :
- Published: May. 21, 2024
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2014-9353
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.
Affected Products : oncommand_balance
- Published: Feb. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGH CVE-2008-0530
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response.
- Published: Feb. 15, 2008
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2015-7709
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.
Affected Products : western_digital_arkeia
- Published: Oct. 05, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGH CVE-2019-11353
The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firm...
- Published: May. 09, 2019
- Modified: Nov. 21, 2024