Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2017-0807

    An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974....

    Affected Products : android
    • EPSS Score: %2.48
    • Published: Oct. 04, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2013-6924

    Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php....

    • EPSS Score: %49.80
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2016-5791

    An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication....

    Affected Products : jtc-200_firmware jtc-200
    • EPSS Score: %0.32
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-3761

    The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution....

    Affected Products : service_framework
    • EPSS Score: %4.52
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2021-33975

    Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges....

    Affected Products : safe_browser
    • EPSS Score: %0.29
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025
  • 10.0

    CRITICAL
    CVE-2021-33970

    Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate privileges....

    Affected Products : chrome
    • EPSS Score: %0.36
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025
  • 10.0

    CRITICAL
    CVE-2023-1778

    This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based managemen...

    • EPSS Score: %0.26
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2017-10402

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker...

    • EPSS Score: %1.65
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2017-10405

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker...

    • EPSS Score: %1.74
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2023-2564

    OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. ...

    Affected Products : scanservjs
    • EPSS Score: %38.24
    • Published: May. 07, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-2583

    Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3....

    Affected Products : jsreport
    • EPSS Score: %0.11
    • Published: May. 08, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-12796

    The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users ...

    Affected Products : openmrs
    • EPSS Score: %5.73
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2023-2645

    A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded pa...

    Affected Products : usr-g806_firmware usr-g806
    • EPSS Score: %5.62
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-11767

    ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"....

    Affected Products : chakracore
    • EPSS Score: %17.16
    • Published: Nov. 02, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-14024

    A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been ident...

    • EPSS Score: %3.53
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2023-2909

    EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below....

    Affected Products : data_master adm
    • EPSS Score: %0.30
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-1000228

    nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in ejs.renderFile() function...

    Affected Products : ejs
    • EPSS Score: %7.18
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-1000169

    QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB....

    Affected Products : quickerbb
    • EPSS Score: %3.44
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-11402

    An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port o...

    • EPSS Score: %0.09
    • Published: Nov. 20, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2023-22583

    The Danfoss AK-EM100 web forms allow for SQL injection in the login forms....

    Affected Products : ak-em100_firmware ak-em100
    • EPSS Score: %0.07
    • Published: Jun. 11, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291617 Results