Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2019-7725

    includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).

    Affected Products : nukeviet
    • EPSS Score: 0.68%
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7629

    Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.

    Affected Products : tintin++ wintin++
    • EPSS Score: 6.70%
    • Published: Feb. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7585

    An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.

    Affected Products : waimai_super_cms
    • EPSS Score: 0.26%
    • Published: Feb. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7568

    An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.

    Affected Products : baijiacms
    • EPSS Score: 0.26%
    • Published: Feb. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7668

    Prima Systems FlexAir devices have Default Credentials.

    Affected Products : flexair
    • EPSS Score: 0.34%
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7489

    A vulnerability in the SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

    Affected Products : email_security_appliance
    • EPSS Score: 21.07%
    • Published: Dec. 23, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7442

    An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authenticati...

    Affected Products : enterprise_password_vault
    • EPSS Score: 5.56%
    • Published: May. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7488

    A weak default password causes a vulnerability in the SonicWall Email Security appliance, which leads to an attacker gaining access to the appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

    Affected Products : email_security_appliance
    • EPSS Score: 0.50%
    • Published: Dec. 23, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7482

    Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

    • EPSS Score: 64.58%
    • Published: Dec. 19, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7401

    NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.

    Affected Products : unit nginx unit
    • EPSS Score: 3.42%
    • Published: Feb. 08, 2019
    • Modified: Aug. 12, 2025
  • 9.8

    CRITICAL
    CVE-2019-7412

    The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values.

    Affected Products : ps_phpcaptcha_wp
    • EPSS Score: 0.84%
    • Published: Feb. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7316

    An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability.

    Affected Products : chat2
    • EPSS Score: 0.37%
    • Published: Feb. 04, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7314

    liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecif...

    Affected Products : debian_linux streaming_media
    • EPSS Score: 0.64%
    • Published: Feb. 04, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7267

    Linear eMerge 50P/5000P devices allow Cookie Path Traversal.

    • EPSS Score: 9.27%
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7271

    Nortek Linear eMerge 50P/5000P devices have Default Credentials.

    • EPSS Score: 0.42%
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7252

    Linear eMerge E3-Series devices have Default Credentials.

    • EPSS Score: 0.40%
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7247

    An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execut...

    Affected Products : overdrive
    • EPSS Score: 0.94%
    • Published: May. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2002-2444

    Snoopy before 2.0.0 has a security hole in exec cURL.

    Affected Products : snoopy
    • EPSS Score: 0.48%
    • Published: Oct. 28, 2019
    • Modified: Nov. 20, 2024
  • 9.8

    CRITICAL
    CVE-2019-7163

    The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password.

    • EPSS Score: 3.51%
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7164

    SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

    • EPSS Score: 1.98%
    • Published: Feb. 20, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292522 Results