Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-17148

    An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential cre... Read more

    Affected Products : nagios_xi
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-4699

    A vulnerability classified as critical was found in PHPGurukul Apartment Visitors Management System 1.0. This vulnerability affects unknown code of the file /admin/visitors-form.php. The manipulation of the argument Category leads to sql injection. The at... Read more

    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-32662

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decod... Read more

    Affected Products : fedora freerdp
    • Published: Apr. 23, 2024
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-3209

    A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. T... Read more

    Affected Products : fedora upx upx
    • Published: Apr. 02, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2013-3941

    Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a ... Read more

    Affected Products : xnview
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17161

    In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack ... Read more

    Affected Products : freebsd
    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17036

    An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.... Read more

    Affected Products : ucms
    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-3493

    XnView 2.03 has an integer overflow vulnerability... Read more

    Affected Products : xnview
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16974

    An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed ... Read more

    Affected Products : elefant elefant_cms
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16836

    Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passw... Read more

    Affected Products : rubedo
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16791

    In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the... Read more

    Affected Products : sftp\/scp_server
    • Published: Dec. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2010

    WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability... Read more

    Affected Products : w3_total_cache wp_super_cache
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-1666

    Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.... Read more

    Affected Products : foswiki
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16724

    An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.... Read more

    Affected Products : baijiacms
    • Published: Sep. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16669

    An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the ... Read more

    Affected Products : open_charge_point_protocol
    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16657

    In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash ... Read more

    Affected Products : debian_linux kamailio
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16705

    FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS serve... Read more

    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16613

    An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.... Read more

    Affected Products : wpforo_forum
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16530

    A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all ... Read more

    Affected Products : email_security
    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16529

    A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.... Read more

    Affected Products : email_security
    • Published: Mar. 28, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292849 Results