Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2016-8355

    An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated... Read more

    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2016-9832

    PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated... Read more

    • Published: Dec. 10, 2016
    • Modified: Apr. 12, 2025

  • 9.9

    CRITICAL
    CVE-2015-7411

    The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.... Read more

    Affected Products : tivoli_monitoring
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.9

    CRITICAL
    CVE-2018-18555

    A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of ... Read more

    Affected Products : vyos
    • Published: Dec. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-27483

    Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ prog... Read more

    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-8992

    The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Ac... Read more

    • Published: Apr. 24, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-16096

    In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system... Read more

    Affected Products : command_centre
    • Published: Sep. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-11075

    In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can on... Read more

    Affected Products : engine
    • Published: May. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-3896

    An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON pa... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-20780

    Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host t... Read more

    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-26780

    Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigg... Read more

    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-38163

    SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operat... Read more

    Affected Products : netweaver
    • Actively Exploited
    • Published: Sep. 14, 2021
    • Modified: Mar. 13, 2025

  • 9.9

    CRITICAL
    CVE-2021-43928

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands... Read more

    Affected Products : mail_station
    • Published: Feb. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-6513

    The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.... Read more

    Affected Products : whmcs_reseller_module virtualizor
    • Published: Mar. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2023-27881

    A user could use the “Upload Resource” functionality to upload files to any location on the disk. ... Read more

    Affected Products : vuforia_studio
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-29510

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translati... Read more

    Affected Products : xwiki
    • Published: Apr. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-35150

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programmi... Read more

    Affected Products : xwiki
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-34827

    Carel Boss Mini 1.5.0 has Improper Access Control.... Read more

    Affected Products : boss_mini_firmware boss_mini
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 9.9

    CRITICAL
    CVE-2023-26475

    XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the do... Read more

    Affected Products : xwiki
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-46808

    An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. ... Read more

    Affected Products : neurons_for_itsm
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293258 Results