Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-11325

    An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator accoun... Read more

    Affected Products : joomla\!
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11320

    In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.... Read more

    Affected Products : octopus_deploy octopus_server
    • Published: May. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11210

    TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2... Read more

    Affected Products : tinyxml2
    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11236

    stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow ... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11215

    Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.... Read more

    Affected Products : data_science_workbench
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11219

    An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.... Read more

    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-1003041

    A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.... Read more

    • Published: Mar. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11221

    Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.... Read more

    Affected Products : pandora_fms
    • Published: Jun. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11218

    Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.... Read more

    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23521

    Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes... Read more

    Affected Products : git git
    • Published: Jan. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11136

    The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).... Read more

    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-21298

    Windows OLE Remote Code Execution Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2018-11052

    Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.... Read more

    Affected Products : elastic_cloud_storage
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28001

    An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API.... Read more

    Affected Products : fortios
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10992

    lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --... Read more

    Affected Products : lilypond
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10969

    SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.... Read more

    Affected Products : pie_register pie-register
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22072

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to... Read more

    Affected Products : weblogic_server
    • Published: Oct. 17, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-22069

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : weblogic_server
    • Published: Oct. 17, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2018-10968

    On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability.... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10942

    modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file.... Read more

    Affected Products : prestashop attribute_wizard
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293284 Results