Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2018-21018

    Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.

    Affected Products : mastodon
    • EPSS Score: %1.64
    • Published: Sep. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-21007

    The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.

    • EPSS Score: %0.71
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-21000

    An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption.

    Affected Products : safe-transmute
    • EPSS Score: %0.42
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-21003

    The buddyforms plugin before 2.2.8 for WordPress has SQL injection.

    Affected Products : buddyforms
    • EPSS Score: %0.55
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-21004

    The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.

    Affected Products : rsvpmaker rsvpmaker
    • EPSS Score: %0.65
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20995

    An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled.

    Affected Products : slice-deque
    • EPSS Score: %0.43
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-9678

    Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

    Affected Products : provisioning_services
    • EPSS Score: %3.45
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2018-20991

    An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.

    Affected Products : smallvec
    • EPSS Score: %0.42
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-9132

    In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later...

    Affected Products : botan
    • EPSS Score: %0.48
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-8869

    The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

    Affected Products : joomla!
    • EPSS Score: %93.44
    • Published: Nov. 04, 2016
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2018-20996

    An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling.

    Affected Products : crossbeam
    • EPSS Score: %0.42
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20887

    cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).

    Affected Products : cpanel
    • EPSS Score: %0.26
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20863

    cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).

    Affected Products : cpanel
    • EPSS Score: %2.13
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-7398

    A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via c...

    Affected Products : ext-http
    • EPSS Score: %5.72
    • Published: Sep. 06, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20810

    Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or ...

    Affected Products : pulse_policy_secure connect_secure
    • EPSS Score: %1.54
    • Published: Jun. 28, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20817

    SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication...

    Affected Products : call_of_duty\
    • EPSS Score: %3.06
    • Published: Apr. 19, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20771

    An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.

    • EPSS Score: %2.12
    • Published: Feb. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20768

    An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable f...

    • EPSS Score: %0.64
    • Published: Feb. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20764

    A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.

    Affected Products : linux_kernel boks
    • EPSS Score: %0.54
    • Published: Feb. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-6809

    Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

    Affected Products : tika nutch
    • EPSS Score: %9.27
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292387 Results