Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-20418

    IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.... Read more

    Affected Products : linux_kernel security_guardium
    • EPSS Score: %0.14
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20426

    IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196313.... Read more

    Affected Products : linux_kernel security_guardium
    • EPSS Score: %0.07
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7547

    A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.... Read more

    Affected Products : threat_discovery_appliance
    • EPSS Score: %88.55
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7453

    The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.53
    • Published: Nov. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7447

    Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.... Read more

    • EPSS Score: %2.03
    • Published: Feb. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7443

    Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.93
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20307

    Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.... Read more

    Affected Products : fedora debian_linux libpano13
    • EPSS Score: %0.25
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7414

    The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly ha... Read more

    Affected Products : php
    • EPSS Score: %0.92
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7411

    ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that referen... Read more

    Affected Products : php
    • EPSS Score: %0.76
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7402

    SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection.... Read more

    • EPSS Score: %0.25
    • Published: Nov. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2013-2251

    Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.... Read more

    • Actively Exploited
    • EPSS Score: %94.23
    • Published: Jul. 20, 2013
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2021-20232

    A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.... Read more

    Affected Products : enterprise_linux fedora gnutls
    • EPSS Score: %0.84
    • Published: Mar. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20204

    A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a... Read more

    Affected Products : fedora debian_linux getdata
    • EPSS Score: %2.71
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14396

    In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.... Read more

    Affected Products : osticket
    • EPSS Score: %1.72
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-20155

    Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678".... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • EPSS Score: %0.73
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14397

    AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.... Read more

    Affected Products : anydesk windows
    • EPSS Score: %0.49
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-20158

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • EPSS Score: %80.34
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-1891

    Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in m... Read more

    • EPSS Score: %59.64
    • Published: Jul. 10, 2012
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2016-7167

    Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-b... Read more

    Affected Products : fedora curl libcurl
    • EPSS Score: %2.49
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7126

    The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds wr... Read more

    Affected Products : php
    • EPSS Score: %2.09
    • Published: Sep. 12, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292518 Results