Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2015-9171

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, S...

    • EPSS Score: 0.22%
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-9187

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, ...

    • EPSS Score: 0.19%
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14060

    OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data....

    Affected Products : xiaomi_r3d_firmware xiaomi_r3d
    • EPSS Score: 11.26%
    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-10250

    BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3....

    Affected Products : direx-pro_firmware direx-pro
    • EPSS Score: 3.25%
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14067

    Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by def...

    Affected Products : dv-360_firmware dv-360
    • EPSS Score: 8.47%
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-4561

    IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 1839...

    Affected Products : oncommand_insight cognos_analytics
    • EPSS Score: 0.87%
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-2568

    A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code....

    • EPSS Score: 57.51%
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-5868

    In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface....

    Affected Products : big-iq_centralized_management
    • EPSS Score: 3.88%
    • Published: Apr. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11830

    QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0....

    Affected Products : qualityprotect
    • EPSS Score: 0.44%
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-0924

    The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh....

    Affected Products : data_protector
    • EPSS Score: 13.35%
    • Published: Feb. 09, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2011-1127

    SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors....

    Affected Products : smf
    • EPSS Score: 1.77%
    • Published: Jun. 21, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-7136

    A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8....

    Affected Products : smart_update_manager
    • EPSS Score: 57.50%
    • Published: Apr. 30, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7161

    A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07)....

    Affected Products : intelligent_management_center
    • EPSS Score: 2.83%
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7142

    An eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07)....

    Affected Products : intelligent_management_center
    • EPSS Score: 2.26%
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7153

    An iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07)....

    Affected Products : intelligent_management_center
    • EPSS Score: 2.83%
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-7356

    CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be ex...

    Affected Products : xpost
    • EPSS Score: 57.14%
    • Published: Aug. 06, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-14224

    A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code in...

    Affected Products : notes
    • EPSS Score: 1.67%
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-5912

    VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action....

    • EPSS Score: 24.47%
    • Published: Nov. 28, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-9653

    NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php....

    • EPSS Score: 86.00%
    • Published: May. 31, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-1490

    Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors....

    Affected Products : cognos_8_business_intelligence
    • EPSS Score: 0.53%
    • Published: Apr. 21, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 292318 Results