Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-39617

    TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.

    Affected Products : x5000r_firmware x5000r
    • Published: Aug. 21, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-14054

    A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.

    Affected Products : mp4v2 mp4v2
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7463

    SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.

    Affected Products : asanhamayesh_cms
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7552

    There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

    Affected Products : debian_linux sam2p
    • Published: Feb. 28, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7440

    An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.

    Affected Products : debian_linux leptonica
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-39551

    PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.

    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-39667

    D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function.

    • Published: Aug. 18, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7301

    eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.

    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-39526

    PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a ...

    Affected Products : prestashop
    • Published: Aug. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12584

    The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.

    Affected Products : debian_linux resiprocate
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12547

    In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly calla...

    • Published: Feb. 11, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7312

    SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.

    Affected Products : alexandria_book_library
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-12369

    WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.

    Affected Products : firefox firefox_esr ubuntu_linux
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7251

    An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.

    Affected Products : anchor_cms anchor
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7242

    Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision a...

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-39475

    Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automat...

    Affected Products : ignition
    • Published: May. 03, 2024
    • Modified: Mar. 13, 2025
  • 9.8

    CRITICAL
    CVE-2018-11531

    Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.

    Affected Products : ubuntu_linux debian_linux exiv2
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7246

    A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow re...

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7238

    A buffer overflow vulnerability exists in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code.

    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7269

    The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.

    Affected Products : yii yiiframework
    • Published: Mar. 21, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294690 Results