Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-5393

    The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it ... Read more

    Affected Products : eap_controller
    • EPSS Score: %15.74
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-14790

    Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.... Read more

    • EPSS Score: %3.98
    • Published: Oct. 01, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-11351

    Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.... Read more

    Affected Products : mu553s_firmware mu553s
    • EPSS Score: %0.28
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-14421

    D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.... Read more

    Affected Products : dir-850l_firmware dir-850l
    • EPSS Score: %3.70
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-14429

    The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell me... Read more

    Affected Products : dir-850l_firmware dir-850l
    • EPSS Score: %2.54
    • Published: Sep. 13, 2017
    • Modified: May. 06, 2025

  • 10.0

    HIGH
    CVE-2017-14243

    An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi,... Read more

    Affected Products : wa3002g4_firmware wa3002g4
    • EPSS Score: %60.33
    • Published: Sep. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8771

    On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link tha... Read more

    • EPSS Score: %0.35
    • Published: Sep. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8772

    On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code ... Read more

    • EPSS Score: %0.28
    • Published: Sep. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-1187

    The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.... Read more

    • Actively Exploited
    • EPSS Score: %78.16
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-12928

    A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.... Read more

    Affected Products : dlx_spot_player4
    • EPSS Score: %2.27
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-12905

    Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.... Read more

    Affected Products : pixie_-_image_editor
    • EPSS Score: %1.85
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-8249

    The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.... Read more

    Affected Products : desktop_central
    • EPSS Score: %81.79
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2023-28849

    GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform... Read more

    Affected Products : glpi
    • EPSS Score: %0.43
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-14350

    A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.... Read more

    • EPSS Score: %1.13
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2023-26121

    All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.... Read more

    Affected Products : safe-eval
    • EPSS Score: %0.08
    • Published: Apr. 11, 2023
    • Modified: Feb. 10, 2025

  • 10.0

    CRITICAL
    CVE-2023-26122

    All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **... Read more

    Affected Products : safe-eval
    • EPSS Score: %2.88
    • Published: Apr. 11, 2023
    • Modified: Feb. 07, 2025

  • 10.0

    HIGH
    CVE-2017-0807

    An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.... Read more

    Affected Products : android
    • EPSS Score: %2.48
    • Published: Oct. 04, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2013-6924

    Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.... Read more

    • EPSS Score: %49.80
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-5791

    An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.... Read more

    Affected Products : jtc-200_firmware jtc-200
    • EPSS Score: %0.32
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3761

    The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.... Read more

    Affected Products : service_framework
    • EPSS Score: %4.52
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 290981 Results