Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-1999-0008

    Buffer overflow in NIS+, in Sun's rpc.nisd program.... Read more

    Affected Products : solaris hp-ux sunos
    • Published: Jun. 08, 1998
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0009

    Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.... Read more

    Affected Products : aix solaris sunos bind netbsd linux bsd_os unixware irix openlinux +3 more products
    • Published: Apr. 08, 1998
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0095

    The debug command in Sendmail is enabled, allowing attackers to execute commands as root.... Read more

    Affected Products : sendmail
    • Published: Oct. 01, 1988
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0082

    CWD ~root command in ftpd allows root access.... Read more

    Affected Products : ftp ftpcd
    • Published: Nov. 11, 1988
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0080

    Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.... Read more

    Affected Products : wu-ftpd
    • Published: Nov. 30, 1995
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0003

    Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).... Read more

    Affected Products : aix solaris hp-ux sunos irix ted_cde
    • Published: Apr. 01, 1998
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0006

    Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.... Read more

    Affected Products : qpopper
    • Published: Jul. 14, 1998
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0005

    Arbitrary command execution via IMAP buffer overflow in authenticate command.... Read more

    Affected Products : imap messaging_server
    • Published: Jul. 20, 1998
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0002

    Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.... Read more

    Affected Products : linux bsd_os openlinux
    • Published: Oct. 12, 1998
    • Modified: Apr. 03, 2025

  • 9.9

    CRITICAL
    CVE-2018-3877

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An att... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-29241

    Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or s... Read more

    • Published: Mar. 28, 2024
    • Modified: Aug. 12, 2025

  • 9.9

    CRITICAL
    CVE-2019-1003032

    A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/jav... Read more

    Affected Products : email_extension
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-19586

    Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular ... Read more

    Affected Products : silverpeas
    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-20091

    An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encr... Read more

    Affected Products : data_science_workbench
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-9383

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget"... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-11208

    The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potentia... Read more

    Affected Products : api_exchange_gateway
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-15954

    An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be... Read more

    Affected Products : total.js_cms
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-10417

    Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.... Read more

    Affected Products : kubernetes_pipeline
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-10759

    safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.... Read more

    Affected Products : safer-eval
    • Published: Oct. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-10458

    Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.... Read more

    Affected Products : puppet_enterprise_pipeline
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292801 Results