Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2016-10145

    Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.

    Affected Products : imagemagick
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-10098

    An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands.

    • Published: Feb. 05, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-10082

    include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() ...

    Affected Products : serendipity
    • Published: Dec. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2024-38225

    Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

    Affected Products : dynamics_365_business_central
    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024
  • 9.8

    CRITICAL
    CVE-2016-10128

    Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.

    Affected Products : libgit2 libgit2
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-10045

    The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping ...

    Affected Products : joomla\! wordpress phpmailer
    • Published: Dec. 30, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-10036

    Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary file...

    Affected Products : artifactory
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10033

    The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

    Affected Products : joomla\! wordpress phpmailer
    • Actively Exploited
    • Published: Dec. 30, 2016
    • Modified: Jul. 08, 2025
  • 9.8

    CRITICAL
    CVE-2016-1000282

    Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.

    Affected Products : haraka
    • Published: Feb. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-1000113

    XSS and SQLi in huge IT gallery v1.1.5 for Joomla

    Affected Products : image_gallery gallery
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-1000027

    Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentic...

    Affected Products : spring_framework
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-1000156

    Mailcwp remote file upload vulnerability incomplete fix v1.100

    Affected Products : mailcwp
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2020-12812

    An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the ca...

    Affected Products : fortios
    • Actively Exploited
    • Published: Jul. 24, 2020
    • Modified: Feb. 24, 2025
  • 9.8

    CRITICAL
    CVE-2024-38076

    Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-12460

    OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause re...

    Affected Products : fedora debian_linux opendmarc
    • Published: Jul. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-1000030

    Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appears to be exploita...

    Affected Products : linux_enterprise_server pidgin
    • Published: Sep. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-0930

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period ...

    Affected Products : operations_manager
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2024-38140

    Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

    • Published: Aug. 13, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-0917

    The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does n...

    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2016-0883

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key ...

    Affected Products : operations_manager
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292870 Results