Latest CVE Feed

Following is the list of latest published vulnerabilities.
  • 9.8

    CRITICAL
    CVE-2018-20390

    Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests....

    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20391

    TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests....

    Affected Products : cbw700n_firmware cbw700n
    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20399

    Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1....

    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20401

    Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests....

    Affected Products : 5352_firmware 5352
    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20248

    In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileRe...

    Affected Products : quick_pdf_library
    • Published: Dec. 24, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20480

    An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter....

    Affected Products : s-cms
    • Published: Dec. 26, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20568

    Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass....

    Affected Products : generic_content_management_system
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20572

    WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893....

    Affected Products : wuzhicms
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20605

    imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file....

    Affected Products : imcat
    • Published: Dec. 30, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-0247

    SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application....

    Affected Products : cloud_connector
    • Published: Jan. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-0670

    INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0669....

    Affected Products : inplc-rt
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-16188

    SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), ...

    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-5886

    An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php du...

    Affected Products : shopxo
    • Published: Jan. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-5893

    Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter....

    Affected Products : open_source_erp
    • Published: Jan. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-4281

    In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation....

    Affected Products : swiftnio
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20716

    CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature....

    Affected Products : cubecart
    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20732

    SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant....

    • Published: Jan. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-6497

    Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter....

    Affected Products : hotels_server
    • Published: Jan. 20, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-19635

    CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface....

    • Published: Jan. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-18941

    In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged use...

    Affected Products : content_management
    • Published: Jan. 31, 2019
    • Modified: Nov. 21, 2024