Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2019-8280

    UltraVNC revision 1203 has an out-of-bounds access vulnerability in the VNC client inside the RAW decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204....

    Affected Products : ultravnc
    • EPSS Score: %1.74
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-8266

    UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via n...

    Affected Products : ultravnc
    • EPSS Score: %1.33
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-8264

    UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revisio...

    Affected Products : ultravnc
    • EPSS Score: %1.74
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-8262

    UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in rev...

    • EPSS Score: %6.18
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-8260

    UltraVNC revision 1199 has an out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200....

    Affected Products : ultravnc
    • EPSS Score: %1.04
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-5421

    Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb ...

    Affected Products : devise
    • EPSS Score: %0.23
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-19521

    libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c)....

    Affected Products : openbsd openbsd
    • EPSS Score: %0.81
    • Published: Dec. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-17383

    The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem....

    Affected Products : netaddr
    • EPSS Score: %0.26
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-4367

    A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1....

    Affected Products : iphone_os
    • EPSS Score: %6.78
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-4110

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence....

    Affected Products : iphone_os
    • EPSS Score: %3.28
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20062

    An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string....

    Affected Products : nonecms
    • Actively Exploited
    • EPSS Score: %94.31
    • Published: Dec. 11, 2018
    • Modified: Mar. 07, 2025
  • 9.8

    CRITICAL
    CVE-2018-16492

    A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype....

    Affected Products : extend
    • EPSS Score: %2.52
    • Published: Feb. 01, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-13797

    The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call....

    Affected Products : node-macaddress
    • EPSS Score: %11.81
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-11210

    TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...

    Affected Products : tinyxml2
    • EPSS Score: %0.48
    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-10562

    An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the us...

    Affected Products : gpon_router_firmware gpon_router
    • Actively Exploited
    • EPSS Score: %94.03
    • Published: May. 04, 2018
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2018-10561

    An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. ...

    Affected Products : gpon_router_firmware gpon_router
    • Actively Exploited
    • EPSS Score: %92.02
    • Published: May. 04, 2018
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2018-1000875

    Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to a...

    • EPSS Score: %0.39
    • Published: Dec. 20, 2018
    • Modified: Jul. 08, 2025
  • 9.8

    CRITICAL
    CVE-2017-20146

    Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy....

    Affected Products : handlers
    • EPSS Score: %0.06
    • Published: Dec. 27, 2022
    • Modified: Apr. 11, 2025
  • 9.8

    CRITICAL
    CVE-2017-1000486

    Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution...

    Affected Products : primefaces
    • Actively Exploited
    • EPSS Score: %94.04
    • Published: Jan. 03, 2018
    • Modified: Mar. 14, 2025
  • 9.8

    CRITICAL
    CVE-2019-8272

    UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212....

    • EPSS Score: %1.49
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291616 Results