Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2017-14910

    In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible... Read more

    • EPSS Score: %0.27
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-11632

    An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session.... Read more

    Affected Products : wireless_ip_camera_360
    • EPSS Score: %2.59
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2023-4744

    A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. Th... Read more

    Affected Products : ac8_firmware ac8
    • EPSS Score: %0.46
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6530

    OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and pre... Read more

    • Actively Exploited
    • EPSS Score: %93.89
    • Published: Mar. 06, 2018
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2016-5179

    Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.... Read more

    Affected Products : chrome_os
    • EPSS Score: %3.35
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-7890

    A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified sys... Read more

    • EPSS Score: %87.59
    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-41084

    Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device. ... Read more

    Affected Products : modulys_gp_firmware modulys_gp
    • EPSS Score: %0.07
    • Published: Sep. 18, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-1000124

    I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be ex... Read more

    Affected Products : i_librarian i\,_librarian
    • EPSS Score: %0.41
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-40455

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.... Read more

    Affected Products : macos
    • EPSS Score: %0.27
    • Published: Sep. 27, 2023
    • Modified: May. 02, 2025

  • 10.0

    HIGH
    CVE-2018-5781

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrec... Read more

    Affected Products : connect_onsite st14.2
    • EPSS Score: %1.18
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-5782

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethos... Read more

    Affected Products : connect_onsite st14.2
    • EPSS Score: %33.39
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6329

    It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary co... Read more

    Affected Products : backup
    • EPSS Score: %79.54
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6229

    A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.... Read more

    Affected Products : email_encryption_gateway
    • EPSS Score: %3.65
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10393

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. ... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-17773

    In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 8... Read more

    • EPSS Score: %0.58
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18067

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.... Read more

    Affected Products : android
    • EPSS Score: %1.25
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0541

    Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors.... Read more

    Affected Products : tinyftp
    • EPSS Score: %0.77
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2017-12815

    Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/... Read more

    Affected Products : remote_support
    • EPSS Score: %0.52
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-3991

    An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.... Read more

    Affected Products : freshtomato
    • EPSS Score: %1.28
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-45128

    Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This ... Read more

    Affected Products : fiber
    • EPSS Score: %0.07
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291589 Results