Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-2883

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker... Read more

    Affected Products : weblogic_server
    • Actively Exploited
    • Published: Apr. 15, 2020
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2016-10253

    An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordina... Read more

    Affected Products : erlang\/otp
    • Published: Mar. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10243

    TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.... Read more

    Affected Products : fedora debian_linux tex_live
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-27615

    The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.... Read more

    Affected Products : loginizer
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10309

    In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.... Read more

    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-38327

    IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API.... Read more

    Affected Products : analytics_content_hub
    • Published: Jul. 10, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2016-10195

    The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.... Read more

    Affected Products : debian_linux libevent
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10176

    The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also... Read more

    Affected Products : wnr2000v5_firmware wnr2000v5
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-38346

    The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabil... Read more

    Affected Products : cloudstack
    • Published: Jul. 05, 2024
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-38289

    A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQ... Read more

    Affected Products : turbomeeting
    • Published: Jul. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10144

    coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.... Read more

    Affected Products : imagemagick
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10157

    Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and ... Read more

    Affected Products : netsession
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10131

    system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.... Read more

    Affected Products : codeigniter
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10134

    SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.... Read more

    Affected Products : zabbix
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10145

    Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.... Read more

    Affected Products : imagemagick
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10098

    An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands.... Read more

    • Published: Feb. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10082

    include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() ... Read more

    Affected Products : serendipity
    • Published: Dec. 30, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-38225

    Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability... Read more

    Affected Products : dynamics_365_business_central
    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024

  • 9.8

    CRITICAL
    CVE-2016-10128

    Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.... Read more

    Affected Products : libgit2 libgit2
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10045

    The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping ... Read more

    Affected Products : joomla\! wordpress phpmailer
    • Published: Dec. 30, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292803 Results