Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-18826

    Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate ... Read more

    • Published: Dec. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18835

    Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.... Read more

    Affected Products : synapse
    • Published: Nov. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18823

    HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured t... Read more

    Affected Products : fedora debian_linux htcondor
    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18801

    An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death s... Read more

    Affected Products : envoy
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18805

    An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, lea... Read more

    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18622

    An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.... Read more

    Affected Products : fedora leap phpmyadmin backports_sle
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18624

    Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affec... Read more

    Affected Products : mini
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18609

    An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that ... Read more

    • Published: Dec. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18425

    An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operatio... Read more

    Affected Products : fedora debian_linux leap xen
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18418

    clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.... Read more

    Affected Products : clonos
    • Published: Oct. 24, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-1180

    Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact ... Read more

    Affected Products : linux_kernel
    • Published: Jun. 08, 2013
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2019-18387

    Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, ... Read more

    Affected Products : hotel_and_lodge_management_system
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18344

    Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter).... Read more

    Affected Products : online_grading_system
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18355

    An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.... Read more

    Affected Products : secret_server
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18329

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically craft... Read more

    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18326

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically craft... Read more

    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18327

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically craft... Read more

    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18374

    Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.... Read more

    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18330

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically cra... Read more

    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18465

    In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicab... Read more

    Affected Products : moveit_transfer
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293508 Results