Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-12326

    Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.... Read more

    Affected Products : sp-r50p_firmware sp-r50p
    • EPSS Score: %1.56
    • Published: Jul. 22, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-3980

    PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.... Read more

    Affected Products : rgamescript_pro
    • EPSS Score: %1.75
    • Published: Jul. 25, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-2719

    Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.... Read more

    Affected Products : systems_insight_manager
    • EPSS Score: %5.72
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2010-0104

    Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    • EPSS Score: %10.75
    • Published: Mar. 18, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3492

    Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.... Read more

    Affected Products : daqfactory
    • EPSS Score: %78.30
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-9042

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message.... Read more

    Affected Products : android
    • EPSS Score: %0.19
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2010-4725

    Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : smarty
    • EPSS Score: %0.44
    • Published: Feb. 03, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2007-2810

    SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party in... Read more

    Affected Products : gazi_download_portal
    • EPSS Score: %0.39
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2013-4099

    Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP, allow context-dependent attackers to execute arbitrary code via a crafted parameter to the (1) alAuxiliaryEffectSlotf1, (2) alBuffer3f1, (3) alBufferfv1, (4) alDelet... Read more

    Affected Products : joal jogamp
    • EPSS Score: %1.50
    • Published: Jun. 13, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-20512

    EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.... Read more

    • EPSS Score: %0.72
    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-9069

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-9136

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and... Read more

    • EPSS Score: %0.23
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-9148

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, ... Read more

    • EPSS Score: %0.23
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-9024

    Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts.... Read more

    • EPSS Score: %0.21
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2000-0245

    Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.... Read more

    Affected Products : irix
    • EPSS Score: %5.87
    • Published: Mar. 27, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2017-18127

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, th... Read more

    • EPSS Score: %0.23
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-4781

    core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    • EPSS Score: %4.50
    • Published: Jul. 18, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2003-1048

    Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.... Read more

    • EPSS Score: %59.77
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-20432

    D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.... Read more

    • EPSS Score: %16.53
    • Published: Sep. 14, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2075

    TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    • EPSS Score: %2.52
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292325 Results