Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-16491

    A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.... Read more

    Affected Products : node.extend
    • EPSS Score: %0.44
    • Published: Feb. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16445

    An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request.... Read more

    Affected Products : seacms
    • EPSS Score: %0.26
    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16352

    There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.... Read more

    Affected Products : weaselcms
    • EPSS Score: %0.43
    • Published: Sep. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16402

    libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.... Read more

    • EPSS Score: %1.52
    • Published: Sep. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16329

    In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.39
    • Published: Sep. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16432

    BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login.... Read more

    Affected Products : bluecms bluecms
    • EPSS Score: %0.26
    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-6652

    Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.... Read more

    Affected Products : page_flip_book
    • EPSS Score: %2.26
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22523

    This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Disc... Read more

    • EPSS Score: %7.19
    • Published: Dec. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16272

    The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy G... Read more

    • EPSS Score: %0.36
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16287

    LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.... Read more

    Affected Products : supersign_cms
    • EPSS Score: %2.58
    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16239

    An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.... Read more

    Affected Products : damicms
    • EPSS Score: %0.44
    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16203

    PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors.... Read more

    Affected Products : pgpooladmin
    • EPSS Score: %0.92
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-5357

    Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.... Read more

    Affected Products : ektron_content_management_system
    • EPSS Score: %82.60
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-16278

    phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter.... Read more

    Affected Products : phpopensourcecms
    • EPSS Score: %1.80
    • Published: Aug. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2615

    Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.... Read more

    Affected Products : firefox
    • Published: Mar. 19, 2024
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-1676

    Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Feb. 21, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2018-15888

    An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly.... Read more

    Affected Products : aspcms aspcms
    • EPSS Score: %0.99
    • Published: Aug. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-15868

    SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie.... Read more

    Affected Products : chronoscan
    • EPSS Score: %1.44
    • Published: Jun. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-2781

    Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.41
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2012-2778

    Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.41
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292321 Results