Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-1999-0003

    Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).... Read more

    Affected Products : aix solaris hp-ux sunos irix ted_cde
    • EPSS Score: %90.34
    • Published: Apr. 01, 1998
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0006

    Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.... Read more

    Affected Products : qpopper
    • EPSS Score: %8.24
    • Published: Jul. 14, 1998
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0005

    Arbitrary command execution via IMAP buffer overflow in authenticate command.... Read more

    Affected Products : imap messaging_server
    • EPSS Score: %17.48
    • Published: Jul. 20, 1998
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0002

    Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.... Read more

    Affected Products : linux bsd_os openlinux
    • EPSS Score: %16.84
    • Published: Oct. 12, 1998
    • Modified: Apr. 03, 2025

  • 9.9

    CRITICAL
    CVE-2018-3877

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An att... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: %0.39
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-29241

    Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or s... Read more

    • Published: Mar. 28, 2024
    • Modified: Aug. 12, 2025

  • 9.9

    CRITICAL
    CVE-2019-1003032

    A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/jav... Read more

    Affected Products : email_extension
    • EPSS Score: %0.28
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-19586

    Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular ... Read more

    Affected Products : silverpeas
    • EPSS Score: %4.09
    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-20091

    An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encr... Read more

    Affected Products : data_science_workbench
    • EPSS Score: %1.08
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-9383

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget"... Read more

    • EPSS Score: %0.57
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-11208

    The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potentia... Read more

    Affected Products : api_exchange_gateway
    • EPSS Score: %0.17
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-15954

    An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be... Read more

    Affected Products : total.js_cms
    • EPSS Score: %58.87
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-10417

    Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.... Read more

    Affected Products : kubernetes_pipeline
    • EPSS Score: %0.18
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-10759

    safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.... Read more

    Affected Products : safer-eval
    • EPSS Score: %1.02
    • Published: Oct. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-10458

    Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.... Read more

    Affected Products : puppet_enterprise_pipeline
    • EPSS Score: %0.33
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-16872

    Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4).... Read more

    Affected Products : portainer
    • EPSS Score: %0.43
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-10940

    A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on co... Read more

    Affected Products : sinema_server
    • EPSS Score: %0.18
    • Published: Jan. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-6965

    In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 ... Read more

    • EPSS Score: %0.30
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-9408

    The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not ... Read more

    • EPSS Score: %0.24
    • Published: Mar. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-7055

    An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.... Read more

    Affected Products : elementor_page_builder elementor
    • EPSS Score: %2.06
    • Published: Apr. 22, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292386 Results