Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-1000533

    klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using... Read more

    Affected Products : gitlist
    • EPSS Score: %93.25
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000525

    openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variabl... Read more

    Affected Products : openpsa
    • EPSS Score: %4.20
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000501

    Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Tackover. This attack appear to be exploitable via network connectivity. This vulnerability appears ... Read more

    Affected Products : instant_update_cms
    • EPSS Score: %0.49
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-1999-0066

    AnyForm CGI remote execution.... Read more

    Affected Products : anyform
    • EPSS Score: %12.38
    • Published: Jul. 31, 1995
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000300

    curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with ver... Read more

    Affected Products : ubuntu_linux curl
    • EPSS Score: %1.09
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.7

    HIGH
    CVE-2014-5422

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors.... Read more

    Affected Products : pyxis_supplystation
    • EPSS Score: %0.42
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 9.7

    HIGH
    CVE-2020-35800

    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.... Read more

    • EPSS Score: %1.25
    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.7

    HIGH
    CVE-2016-2297

    Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."... Read more

    • EPSS Score: %1.59
    • Published: May. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.7

    HIGH
    CVE-2015-8214

    A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), ... Read more

    • EPSS Score: %1.35
    • Published: Nov. 27, 2015
    • Modified: Apr. 12, 2025

  • 9.7

    HIGH
    CVE-2006-1866

    Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial co... Read more

    Affected Products : database_server
    • EPSS Score: %5.18
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 9.7

    HIGH
    CVE-2014-2046

    cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePa... Read more

    Affected Products : pipa_c211_web_interface pipa_c211
    • EPSS Score: %10.94
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 9.7

    HIGH
    CVE-2019-5399

    A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.... Read more

    • EPSS Score: %0.65
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.7

    HIGH
    CVE-2019-5396

    A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.... Read more

    • EPSS Score: %1.29
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.7

    HIGH
    CVE-2019-5397

    A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.... Read more

    • EPSS Score: %1.28
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2016-6658

    Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the ... Read more

    • EPSS Score: %0.31
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-11045

    A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on... Read more

    Affected Products : stable-diffusion-webui
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 9.6

    CRITICAL
    CVE-2025-3621

    Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.  * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use o... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.6

    CRITICAL
    CVE-2019-3709

    IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the conte... Read more

    Affected Products : emc_isilonsd_management_server
    • EPSS Score: %0.54
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-15074

    The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is ... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.89
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-13364

    admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat&#95;number, billing&#95;name, company, or billing&#95;address parameter. This is exploitable via CSRF.... Read more

    Affected Products : piwigo
    • EPSS Score: %0.30
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292733 Results