Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2019-1003034

    A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDs... Read more

    • EPSS Score: %1.92
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-1003030

    A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on ... Read more

    • Actively Exploited
    • EPSS Score: %93.01
    • Published: Mar. 08, 2019
    • Modified: Feb. 20, 2025

  • 9.9

    CRITICAL
    CVE-2019-1003029

    A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroov... Read more

    • Actively Exploited
    • EPSS Score: %91.44
    • Published: Mar. 08, 2019
    • Modified: Feb. 20, 2025

  • 9.9

    CRITICAL
    CVE-2021-21477

    SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads... Read more

    Affected Products : commerce
    • EPSS Score: %1.15
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-3553

    Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported version that is affected is 11.1.2.3.0. Easily "exploitable" vulnerability allows low privileged attacker with network access vi... Read more

    Affected Products : identity_manager
    • EPSS Score: %0.87
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2017-10272

    Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network access ... Read more

    Affected Products : tuxedo
    • EPSS Score: %1.32
    • Published: Nov. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2017-10202

    Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with... Read more

    Affected Products : database
    • EPSS Score: %2.14
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2016-9269

    Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary com... Read more

    • EPSS Score: %6.85
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2023-28110

    Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes clu... Read more

    Affected Products : jumpserver koko
    • EPSS Score: %0.36
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-38702

    Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the s... Read more

    Affected Products : knowage
    • EPSS Score: %0.27
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-22530

    A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This is... Read more

    • Published: Aug. 28, 2024
    • Modified: Sep. 13, 2024

  • 9.8

    CRITICAL
    CVE-2019-2253

    Buffer over-read can occur while parsing an ogg file with a corrupted comment block. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon W... Read more

    • EPSS Score: %0.37
    • Published: Jul. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5195

    Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document.... Read more

    Affected Products : thinkfree_office_neo
    • EPSS Score: %1.14
    • Published: Jan. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49959

    In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST reques... Read more

    Affected Products : profinet-inspektor_nt
    • Published: Feb. 26, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-6677

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection.This issue affects Online Collection: before v.1.0.2. ... Read more

    Affected Products : online_collection
    • EPSS Score: %0.07
    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-19740

    Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.... Read more

    Affected Products : oempro
    • EPSS Score: %0.91
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12585

    Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.... Read more

    Affected Products : pfsense apcupsd
    • EPSS Score: %11.68
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-19840

    A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.... Read more

    • EPSS Score: %21.70
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17900

    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.... Read more

    • EPSS Score: %0.26
    • Published: Oct. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12797

    A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle.... Read more

    Affected Products : elm27_firmware elm27
    • EPSS Score: %0.35
    • Published: Jul. 31, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291737 Results