Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-17216

    An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.... Read more

    • Published: Oct. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17206

    Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.... Read more

    Affected Products : redis_wrapper
    • Published: Oct. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17320

    NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted ... Read more

    Affected Products : xftp
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17197

    OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.... Read more

    Affected Products : openemr
    • Published: Oct. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17267

    A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.... Read more

    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17076

    An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), and/or deletion of files on the Jamf Pro server.... Read more

    Affected Products : jamf
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17040

    contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.... Read more

    Affected Products : rsyslog
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16928

    Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.... Read more

    Affected Products : ubuntu_linux fedora debian_linux exim
    • Actively Exploited
    • Published: Sep. 27, 2019
    • Modified: Mar. 07, 2025

  • 9.8

    CRITICAL
    CVE-2019-16915

    An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.... Read more

    Affected Products : pfsense
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16879

    The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may a... Read more

    • Published: Apr. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2008-7313

    The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.... Read more

    Affected Products : openstack nagios snoopy
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2019-16885

    In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in ... Read more

    Affected Products : okaycms
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16759

    vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.... Read more

    Affected Products : vbulletin
    • Actively Exploited
    • Published: Sep. 24, 2019
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2019-16746

    An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.... Read more

    • Published: Sep. 24, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16755

    BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. Affected D... Read more

    Affected Products : myit_digital_workplace
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16748

    In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.... Read more

    Affected Products : wolfssl
    • Published: Sep. 24, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16642

    App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.... Read more

    Affected Products : tuzicms tuzicms
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16672

    An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.... Read more

    • Published: Dec. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16656

    joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.... Read more

    Affected Products : joyplus
    • Published: Sep. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16693

    phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.... Read more

    Affected Products : phpipam
    • Published: Sep. 22, 2019
    • Modified: Apr. 16, 2025
Showing 20 of 293947 Results