Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2017-16330

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    Affected Products : hub_firmware hub
    • EPSS Score: %0.08
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16332

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    Affected Products : hub_firmware hub
    • EPSS Score: %0.08
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16334

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    Affected Products : hub_firmware hub
    • EPSS Score: %0.08
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-3895

    An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 b... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: %0.22
    • Published: Aug. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-16367

    In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include.... Read more

    Affected Products : onlinejudge
    • EPSS Score: %0.92
    • Published: Sep. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-0671

    Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.... Read more

    Affected Products : froxlor
    • EPSS Score: %0.15
    • Published: Feb. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-3864

    An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. A... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: %0.39
    • Published: Sep. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-3873

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An att... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: %0.39
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-26474

    XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known wor... Read more

    Affected Products : xwiki
    • EPSS Score: %0.36
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-27479

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki inst... Read more

    Affected Products : xwiki
    • EPSS Score: %1.60
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-38074

    SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.... Read more

    Affected Products : wp_statistics
    • EPSS Score: %0.41
    • Published: Mar. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-3682

    A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. ... Read more

    Affected Products : sdm600
    • EPSS Score: %0.25
    • Published: Mar. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-12822

    Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.... Read more

    Affected Products : sentinel_ldk_rte_firmware
    • EPSS Score: %0.30
    • Published: Oct. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2017-13706

    XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request ... Read more

    Affected Products : lansweeper
    • EPSS Score: %1.41
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2023-29210

    XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki... Read more

    Affected Products : xwiki
    • EPSS Score: %8.21
    • Published: Apr. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-29211

    XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights `WikiManager.DeleteWiki` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The... Read more

    Affected Products : xwiki
    • EPSS Score: %8.29
    • Published: Apr. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-29511

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access ... Read more

    Affected Products : xwiki
    • EPSS Score: %2.14
    • Published: Apr. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-29514

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote code execution. T... Read more

    Affected Products : xwiki
    • EPSS Score: %3.77
    • Published: Apr. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-29525

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationA... Read more

    Affected Products : xwiki
    • EPSS Score: %24.03
    • Published: Apr. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-12251

    A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerab... Read more

    Affected Products : cloud_services_platform_2100
    • EPSS Score: %3.20
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291520 Results