Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-10327

    LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.... Read more

    Affected Products : libreoffice
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-3719

    Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.... Read more

    Affected Products : aleph_500
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3699

    eDeploy has RCE via cPickle deserialization of untrusted data... Read more

    Affected Products : jboss_enterprise_web_server edeploy
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-28892

    An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.... Read more

    Affected Products : gocast
    • Published: Nov. 21, 2024
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2014-3741

    The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.... Read more

    Affected Products : node-printer
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-3624

    Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.... Read more

    Affected Products : traffic_server
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-3630

    XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML ... Read more

    Affected Products : play_framework play_framework
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-35613

    An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.... Read more

    Affected Products : joomla\!
    • Published: Dec. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35605

    The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.... Read more

    Affected Products : debian_linux kitty kitty
    • Published: Dec. 21, 2020
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2014-3582

    In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.... Read more

    Affected Products : ambari
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-3579

    XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.... Read more

    Affected Products : activemq_apollo
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-35575

    A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA7... Read more

    • Published: Dec. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3527

    When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authenticati... Read more

    Affected Products : spring_security
    • Published: May. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-35565

    An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.... Read more

    Affected Products : mbconnect24 mymbconnect24
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35550

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).... Read more

    Affected Products : android
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35551

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2... Read more

    Affected Products : android
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35527

    In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.... Read more

    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3448

    BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload... Read more

    Affected Products : bss_continuty_cms
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35476

    A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/G... Read more

    Affected Products : opentsdb
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35339

    In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.... Read more

    Affected Products : 74cms
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292785 Results