Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2018-18843

    The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF....

    Affected Products : gitlab
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-4497

    Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app....

    Affected Products : mac_os_x mac_os_x
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-4393

    Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader....

    Affected Products : mac_os_x mac_os_x
    • Published: Sep. 19, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-18753

    Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF....

    Affected Products : typecho
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-4121

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted r...

    Affected Products : .net_framework
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-3913

    Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file....

    Affected Products : accessnow_server
    • Published: Jun. 04, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-3828

    Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.ph...

    Affected Products : centreon centreon_enterprise_server
    • Published: Oct. 23, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-3805

    The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804....

    • Published: Jun. 13, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2018-18505

    An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created afte...

    • Published: Feb. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-18471

    /api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who k...

    Affected Products : hipserv lifecloud stora goflex_home
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-18473

    A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via t...

    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-2866

    PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code....

    Affected Products : commonspot_content_server
    • Published: Apr. 15, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-2864

    Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences....

    Affected Products : commonspot_content_server
    • Published: Apr. 15, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-2863

    Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter....

    Affected Products : commonspot_content_server
    • Published: Apr. 15, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-2648

    Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors....

    Affected Products : operations_manager unix
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-1776

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploit...

    • Actively Exploited
    • Published: Apr. 27, 2014
    • Modified: May. 29, 2025
  • 10.0

    HIGH
    CVE-2014-1379

    Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application....

    Affected Products : mac_os_x mac_os_x
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-18068

    The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host proces...

    • Published: Apr. 04, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-17916

    InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, a...

    • Published: Nov. 02, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-17930

    A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution....

    Affected Products : sherlock
    • Published: Nov. 28, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293192 Results