Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-9301

    The liveforms plugin before 3.2.0 for WordPress has SQL injection.... Read more

    Affected Products : live_forms
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9326

    The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.... Read more

    Affected Products : wp_business_intelligence
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9352

    The wp-polls plugin before 2.72 for WordPress has SQL injection.... Read more

    Affected Products : wp-polls
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9271

    The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml f... Read more

    Affected Products : video_conference
    • Published: Oct. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9272

    The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP cod... Read more

    Affected Products : video_presentation
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19360

    FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.... Read more

    • Published: Jan. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9245

    Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.... Read more

    Affected Products : openedge
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-9264

    Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.... Read more

    Affected Products : lansweeper
    • Published: Aug. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9263

    An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.... Read more

    Affected Products : uptime_infrastructure_monitor
    • Published: Aug. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9235

    In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algori... Read more

    Affected Products : jsonwebtoken
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9254

    Datto ALTO and SIRIS devices have a default VNC password.... Read more

    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16850

    postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privi... Read more

    • Published: Nov. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9287

    Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the... Read more

    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-36673

    Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL ... Read more

    • Published: Jun. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13872

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.... Read more

    Affected Products : hdf5
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-36604

    Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges.... Read more

    Affected Products : o3v2_firmware o3v2 o3 o3_firmware
    • Published: Jun. 04, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-36582

    alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js)... Read more

    Affected Products :
    • Published: Jun. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-36540

    Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : external_secrets_operator
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-36554

    Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the dev... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2018-12327

    Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether t... Read more

    Affected Products : ntp
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results