Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-20019

    LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution... Read more

    • Published: Dec. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1567

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.... Read more

    Affected Products : websphere_application_server
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1475

    IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.... Read more

    Affected Products : bigfix_platform
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8972

    Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.... Read more

    Affected Products : chess
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8626

    The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via ... Read more

    Affected Products : mediawiki
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8521

    Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522.... Read more

    Affected Products : tivoli_storage_manager_fastback
    • Published: Apr. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8520

    Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522.... Read more

    Affected Products : tivoli_storage_manager_fastback
    • Published: Apr. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-29666

    Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.... Read more

    Affected Products :
    • Published: Mar. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1352

    A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.... Read more

    Affected Products : fortios
    • Published: Feb. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1342

    A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.... Read more

    Affected Products : access_manager
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1285

    Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.... Read more

    • Published: May. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1295

    In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The v... Read more

    Affected Products : ignite
    • Published: Apr. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1260

    Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request ... Read more

    Affected Products : spring_security_oauth
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1264

    Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA cli... Read more

    Affected Products : cloud_foundry_log_cache
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1237

    Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleI... Read more

    Affected Products : emc_scaleio
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1297

    When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.... Read more

    Affected Products : jmeter
    • Published: Feb. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19971

    JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.... Read more

    Affected Products : artifactory
    • Published: Apr. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19950

    If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.... Read more

    Affected Products : qts music_station
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19949

    If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 o... Read more

    Affected Products : qts
    • Actively Exploited
    • Published: Oct. 28, 2020
    • Modified: Mar. 12, 2025

  • 9.8

    CRITICAL
    CVE-2018-19925

    An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.... Read more

    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293192 Results