Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2016-2429

    libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cau...

    Affected Products : android
    • EPSS Score: 1.22%
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-6603

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354....

    Affected Products : android
    • EPSS Score: 3.76%
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-6636

    mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670....

    Affected Products : android
    • EPSS Score: 1.22%
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-10251

    A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitr...

    Affected Products : aleos es440 es450 gx400 gx440 gx450 ls300 rv50 rv50x mp70 +1 more products
    • EPSS Score: 0.08%
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-2357

    The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system....

    Affected Products : tekradius
    • EPSS Score: 0.65%
    • Published: Jul. 07, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2010-3040

    Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNod...

    Affected Products : intelligent_contact_manager
    • EPSS Score: 25.56%
    • Published: Nov. 09, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2018-11241

    An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of...

    Affected Products : t-router_firmware t-router
    • EPSS Score: 3.61%
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15519

    Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin....

    Affected Products : power-response
    • EPSS Score: 0.80%
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2004-2159

    Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c....

    Affected Products : command_line_xml_toolkit
    • EPSS Score: 0.43%
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2018-19646

    The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled....

    Affected Products : securesphere
    • EPSS Score: 2.61%
    • Published: Nov. 28, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12925

    Baseon Lantronix MSS devices do not require a password for TELNET access....

    Affected Products : mss_firmware mss
    • EPSS Score: 0.30%
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13551

    Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code w...

    Affected Products : wise-paas/rmm
    • EPSS Score: 0.99%
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14313

    A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model....

    Affected Products : photo_gallery
    • EPSS Score: 4.14%
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14527

    An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication....

    Affected Products : mr1100_firmware mr1100
    • EPSS Score: 0.51%
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-3935

    Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors....

    • EPSS Score: 0.45%
    • Published: Nov. 12, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2019-3918

    The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces....

    • EPSS Score: 0.35%
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24679

    A S+ Operations and S+ Historian service is subject to a DoS by specially crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted....

    • EPSS Score: 0.76%
    • Published: Dec. 22, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15940

    Victure PC530 devices allow unauthenticated TELNET access as root....

    Affected Products : pc530_firmware pc530
    • EPSS Score: 0.48%
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-5016

    An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafte...

    • EPSS Score: 0.92%
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-5049

    An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader ...

    • EPSS Score: 0.42%
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292316 Results