Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2007-3194

    Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php... Read more

    Affected Products : mybloggie
    • EPSS Score: %0.83
    • Published: Jun. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2007-3652

    SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.... Read more

    Affected Products : faname
    • EPSS Score: %0.35
    • Published: Jul. 09, 2008
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-3184

    Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the web... Read more

    • EPSS Score: %12.46
    • Published: Dec. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10194

    The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb.... Read more

    Affected Products : festivaltts4r
    • EPSS Score: %1.58
    • Published: Mar. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2012-10009

    A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to lau... Read more

    Affected Products : 404like
    • EPSS Score: %0.10
    • Published: Mar. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5081

    sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass... Read more

    Affected Products : sphider sphider-plus sphider_pro
    • EPSS Score: %6.28
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-1986

    HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.... Read more

    Affected Products : continuous_delivery_automation
    • EPSS Score: %1.30
    • Published: Feb. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-20004

    The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.... Read more

    Affected Products : rest\/json
    • EPSS Score: %0.36
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7137

    The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.... Read more

    Affected Products : burden burden
    • EPSS Score: %11.19
    • Published: Jan. 26, 2014
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2016-2170

    Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.... Read more

    Affected Products : ofbiz open_for_business_project
    • EPSS Score: %14.91
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2014-0780

    Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.... Read more

    Affected Products : web_studio indusoft_web_studio
    • Actively Exploited
    • EPSS Score: %90.16
    • Published: Apr. 25, 2014
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3177

    Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.... Read more

    Affected Products : giflib
    • EPSS Score: %0.19
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-3742

    decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28... Read more

    Affected Products : android
    • EPSS Score: %0.73
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3820

    The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410.... Read more

    Affected Products : android
    • EPSS Score: %1.49
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4819

    The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote attackers to execute arbitrary code via a crafted string.... Read more

    Affected Products : dx_library
    • EPSS Score: %2.68
    • Published: Jun. 19, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5065

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection.... Read more

    Affected Products : aleos_firmware gx_440
    • EPSS Score: %0.66
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5668

    Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.... Read more

    • EPSS Score: %4.60
    • Published: Aug. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5711

    NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.... Read more

    • EPSS Score: %0.34
    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6696

    sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm inter... Read more

    Affected Products : android
    • EPSS Score: %0.22
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-6871

    Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.... Read more

    Affected Products : hhvm
    • EPSS Score: %0.49
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291647 Results