Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-10945

    An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.... Read more

    Affected Products : joomla\! joomla
    • EPSS Score: %85.38
    • Published: Apr. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-1072

    A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.... Read more

    • EPSS Score: %23.96
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10694

    The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resol... Read more

    Affected Products : puppet_enterprise
    • EPSS Score: %0.42
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10202

    A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML ja... Read more

    • EPSS Score: %1.83
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10173

    It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling X... Read more

    • EPSS Score: %91.61
    • Published: Jul. 23, 2019
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2019-1010174

    CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no strin... Read more

    Affected Products : debian_linux cimg_library
    • EPSS Score: %13.12
    • Published: Jul. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10068

    An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the i... Read more

    Affected Products : kentico
    • Actively Exploited
    • EPSS Score: %94.24
    • Published: Mar. 26, 2019
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2020-21179

    Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page.... Read more

    Affected Products : koa2-blog
    • EPSS Score: %0.51
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-0813

    An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka 'Windows Admin Center Elevation of Privilege Vulnerability'.... Read more

    Affected Products : windows_admin_center
    • EPSS Score: %10.66
    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-0726

    A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698... Read more

    • EPSS Score: %36.86
    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-0187

    Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. T... Read more

    Affected Products : jmeter
    • EPSS Score: %0.48
    • Published: Mar. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-8971

    The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.... Read more

    Affected Products : gitlab debian_linux
    • EPSS Score: %0.17
    • Published: Mar. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-8529

    A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Tea... Read more

    Affected Products : team_foundation_server
    • EPSS Score: %35.74
    • Published: Nov. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27250

    Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php.... Read more

    Affected Products : online_book_store_project
    • EPSS Score: %0.27
    • Published: Mar. 16, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2018-7552

    There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.... Read more

    Affected Products : debian_linux sam2p
    • EPSS Score: %0.60
    • Published: Feb. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6703

    Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header... Read more

    Affected Products : agent
    • EPSS Score: %2.82
    • Published: Dec. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6512

    The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.... Read more

    • EPSS Score: %1.18
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6376

    In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.... Read more

    Affected Products : joomla\!
    • EPSS Score: %7.38
    • Published: Jan. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5924

    A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.... Read more

    • EPSS Score: %34.86
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5488

    NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the netw... Read more

    • EPSS Score: %2.24
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291969 Results