Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2021-43609

    An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL co... Read more

    Affected Products : help_desk_server
    • Published: Nov. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-4122

    Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.... Read more

    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-31215

    Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2. ... Read more

    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-34007

    Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3. ... Read more

    Affected Products : download_monitor
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-34385

    Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.This issue affects Export Import Menus: from n/a through 1.8.0. ... Read more

    Affected Products : export_import_menus
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-23970

    Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.This issue affects Corsa: from n/a through 1.5. ... Read more

    Affected Products : corsa
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-40051

    This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file upload... Read more

    Affected Products : openedge openedge_innovation
    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-27102

    Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is ex... Read more

    Affected Products : wings
    • Published: Mar. 13, 2024
    • Modified: Jan. 23, 2025

  • 9.9

    CRITICAL
    CVE-2017-14444

    An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An a... Read more

    Affected Products : hub_firmware hub
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-32573

    A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerabil... Read more

    Affected Products : lansweeper
    • Published: Dec. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16339

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the buffer at 0xa00016a0. This buffer is 64 bytes large, sen... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16346

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, s... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-1712

    IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-F... Read more

    Affected Products : api_connect
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16270

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    Affected Products : hub_firmware hub
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16282

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    Affected Products : hub_firmware hub
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16287

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    Affected Products : hub_firmware hub
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-3863

    On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigge... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • Published: Aug. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16291

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    Affected Products : hub_firmware hub
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-3878

    Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • Published: Aug. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16296

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292793 Results