Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-21242

    In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User inter... Read more

    Affected Products : android
    • Published: Aug. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000628

    Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of... Read more

    Affected Products : v2i_hub
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-2930

    Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network ac... Read more

    Affected Products : solaris_cluster
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000620

    Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appe... Read more

    Affected Products : cryptiles
    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000631

    Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or dele... Read more

    Affected Products : v2i_hub
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000627

    Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to t... Read more

    Affected Products : v2i_hub
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000626

    Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged A... Read more

    Affected Products : v2i_hub
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000616

    ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch... Read more

    Affected Products : onos
    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000537

    Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. This attack appear to be exploitable via Crafted G-Code instruction/file... Read more

    Affected Products : marlin_firmware
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000613

    Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private k... Read more

    • Published: Jul. 09, 2018
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000618

    EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability ... Read more

    Affected Products : eos
    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000533

    klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using... Read more

    Affected Products : gitlist
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000525

    openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variabl... Read more

    Affected Products : openpsa
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000501

    Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Tackover. This attack appear to be exploitable via network connectivity. This vulnerability appears ... Read more

    Affected Products : instant_update_cms
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-1999-0066

    AnyForm CGI remote execution.... Read more

    Affected Products : anyform
    • Published: Jul. 31, 1995
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000300

    curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with ver... Read more

    Affected Products : ubuntu_linux curl
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.7

    HIGH
    CVE-2014-5422

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors.... Read more

    Affected Products : pyxis_supplystation
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 9.7

    HIGH
    CVE-2020-35800

    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.... Read more

    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.7

    HIGH
    CVE-2016-2297

    Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."... Read more

    • Published: May. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.7

    HIGH
    CVE-2015-8214

    A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), ... Read more

    • Published: Nov. 27, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293505 Results