Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-10307

    Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This acco... Read more

    • EPSS Score: %1.12
    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2021-0956

    In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction ... Read more

    Affected Products : android
    • EPSS Score: %0.81
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-43439

    RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely... Read more

    Affected Products : iresturant
    • EPSS Score: %3.89
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-27447

    Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code.... Read more

    Affected Products : amegaview
    • EPSS Score: %1.46
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-3834

    A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to th... Read more

    • EPSS Score: %6.23
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2021-23198

    mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.... Read more

    Affected Products : mypro
    • EPSS Score: %0.40
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-43981

    mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.... Read more

    Affected Products : mypro
    • EPSS Score: %0.28
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-2881

    Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.... Read more

    Affected Products : gcw-1010 gcw-1020 gpw-1025
    • EPSS Score: %0.80
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-2885

    Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.... Read more

    Affected Products : peek-a-view_firmware peek-a-view
    • EPSS Score: %0.28
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2020-11136

    Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdr... Read more

    Affected Products : apq8009 apq8009w apq8017 apq8030 apq8037 apq8052 apq8053 apq8056 apq8060a apq8062 +496 more products
    • EPSS Score: %0.33
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-2887

    iBaby M3S has a password of admin for the backdoor admin account.... Read more

    • EPSS Score: %0.28
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2021-45613

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before ... Read more

    • EPSS Score: %1.53
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45614

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before... Read more

    • EPSS Score: %1.53
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45619

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R78... Read more

    • EPSS Score: %0.39
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-45630

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850... Read more

    • EPSS Score: %2.18
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-7552

    On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.... Read more

    Affected Products : threat_discovery_appliance
    • EPSS Score: %92.98
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-7588

    On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L274... Read more

    • EPSS Score: %30.89
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-7279

    An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.... Read more

    Affected Products : enterprise_backup
    • EPSS Score: %4.46
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-7921

    mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.... Read more

    Affected Products : android
    • EPSS Score: %0.22
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-4899

    The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.... Read more

    Affected Products : novabackup_datacenter
    • EPSS Score: %4.48
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 290981 Results