Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-2429

    The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : xarrow
    • EPSS Score: %3.03
    • Published: May. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-16566

    On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to tak... Read more

    • EPSS Score: %1.33
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2012-3263

    Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1465.... Read more

    Affected Products : sitescope
    • EPSS Score: %24.21
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-4873

    board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.... Read more

    Affected Products : spboard
    • EPSS Score: %4.99
    • Published: Nov. 01, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5090

    Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.... Read more

    Affected Products : advanced_electron_forum
    • EPSS Score: %11.20
    • Published: Nov. 14, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5281

    Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.... Read more

    Affected Products : titan_ftp_server
    • EPSS Score: %5.50
    • Published: Nov. 29, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-18130

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 80... Read more

    • EPSS Score: %0.22
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-3026

    rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code ... Read more

    • EPSS Score: %3.08
    • Published: Nov. 01, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2017-7964

    Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.... Read more

    Affected Products : wre6505_firmware
    • EPSS Score: %2.71
    • Published: Apr. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8954

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %52.89
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-6546

    Unspecified vulnerability in phpns before 2.1.3 has unknown impact and attack vectors related to "activation permissions."... Read more

    Affected Products : phpns
    • EPSS Score: %0.26
    • Published: Mar. 30, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6555

    cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.... Read more

    Affected Products : webutil
    • EPSS Score: %4.90
    • Published: Mar. 30, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6588

    Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed.... Read more

    Affected Products : adsl2\/2\+4-port_router
    • EPSS Score: %0.90
    • Published: Apr. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-3098

    Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.... Read more

    Affected Products : captivate
    • EPSS Score: %15.17
    • Published: Jun. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3222

    Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.... Read more

    Affected Products : amosconnect
    • EPSS Score: %6.12
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2018-6476

    In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.... Read more

    Affected Products : superantispyware
    • EPSS Score: %0.42
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6823

    In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.... Read more

    Affected Products : shimo
    • EPSS Score: %0.34
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-7300

    Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited... Read more

    • EPSS Score: %12.96
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0506

    Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : nootka
    • EPSS Score: %1.60
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-5863

    These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dang... Read more

    • EPSS Score: %10.81
    • Published: Nov. 23, 2012
    • Modified: Jul. 08, 2025
Showing 20 of 292317 Results