Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2012-4449

    Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force at... Read more

    Affected Products : hadoop
    • EPSS Score: %0.40
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8226

    Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using ... Read more

    Affected Products : ipm-721s_firmware ipm-721s
    • EPSS Score: %0.57
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5377

    Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.... Read more

    Affected Products : discuzx discuzx
    • EPSS Score: %0.11
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5767

    An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.... Read more

    Affected Products : ac15_firmware ac15_firmware ac15
    • EPSS Score: %67.54
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5777

    An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors.... Read more

    Affected Products : whatsup_gold whatsup_gold
    • EPSS Score: %0.10
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5971

    SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.... Read more

    Affected Products : medialibrary
    • EPSS Score: %1.49
    • Published: Feb. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9246

    New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, aft... Read more

    Affected Products : .net_agent
    • EPSS Score: %0.25
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-6368

    SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.... Read more

    Affected Products : jomestate_pro
    • EPSS Score: %1.49
    • Published: Feb. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20032

    A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has be... Read more

    Affected Products : phplist
    • EPSS Score: %0.23
    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6370

    SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.... Read more

    Affected Products : neorecruit
    • EPSS Score: %1.49
    • Published: Feb. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6395

    SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.... Read more

    Affected Products : visual_calendar
    • EPSS Score: %1.41
    • Published: Jan. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-3202

    The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The... Read more

    Affected Products : flamingo
    • EPSS Score: %11.08
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6578

    SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.... Read more

    Affected Products : je_paypervideo
    • EPSS Score: %1.41
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6581

    SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.... Read more

    Affected Products : jms_music
    • EPSS Score: %1.41
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6582

    SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.... Read more

    Affected Products : zh_googlemap
    • EPSS Score: %1.41
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6609

    SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.... Read more

    Affected Products : jsp_tickets
    • EPSS Score: %2.59
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6953

    In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses.... Read more

    Affected Products : ccn-lite
    • EPSS Score: %0.46
    • Published: Feb. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7039

    CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there ... Read more

    Affected Products : ccn-lite
    • EPSS Score: %0.66
    • Published: Feb. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39070

    IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353.... Read more

    • EPSS Score: %0.67
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7213

    The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context men... Read more

    Affected Products : blur
    • EPSS Score: %0.17
    • Published: Mar. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291150 Results