Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2017-10404

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker ... Read more

    • EPSS Score: %1.04
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2020-15715

    rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.... Read more

    Affected Products : rconfig
    • EPSS Score: %2.60
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-22651

    Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security ... Read more

    Affected Products : rancher rancher
    • EPSS Score: %0.19
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025

  • 9.9

    CRITICAL
    CVE-2018-15761

    Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arb... Read more

    • EPSS Score: %0.53
    • Published: Nov. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-32764

    A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerabi... Read more

    Affected Products : myqnapcloud_link
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-32572

    An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trig... Read more

    Affected Products : avideo
    • EPSS Score: %10.00
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-39714

    A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Sep. 07, 2024
    • Modified: Sep. 09, 2024

  • 9.9

    CRITICAL
    CVE-2018-18406

    An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE v... Read more

    Affected Products : securetrack tufinos
    • EPSS Score: %0.73
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16281

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    Affected Products : hub_firmware hub
    • EPSS Score: %0.08
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-1969

    IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.... Read more

    Affected Products : security_identity_manager
    • EPSS Score: %0.38
    • Published: Jan. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-13478

    The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.... Read more

    Affected Products : yoast_seo
    • EPSS Score: %0.26
    • Published: Jul. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-26943

    An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python ev... Read more

    Affected Products : blazar-dashboard
    • EPSS Score: %1.52
    • Published: Oct. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-11011

    In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8.... Read more

    Affected Products : phproject
    • EPSS Score: %0.90
    • Published: Apr. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-29068

    Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 befo... Read more

    • EPSS Score: %0.55
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-3880

    An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles exis... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: %0.29
    • Published: Aug. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-1509

    Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.... Read more

    Affected Products : control_panel
    • EPSS Score: %1.68
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-20779

    Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host t... Read more

    • EPSS Score: %2.34
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-21276

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allow... Read more

    • EPSS Score: %1.66
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-3925

    An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: %0.42
    • Published: Aug. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-35049

    Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results i... Read more

    Affected Products : deception network
    • EPSS Score: %3.37
    • Published: Jun. 25, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291782 Results