Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2019-11680

    KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image.

    Affected Products : konakart
    • EPSS Score: 1.19%
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-8923

    XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.

    Affected Products : xampp
    • EPSS Score: 11.79%
    • Published: May. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-6885

    An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes ...

    Affected Products : web_services
    • EPSS Score: 0.56%
    • Published: May. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-0153

    Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

    • EPSS Score: 0.59%
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-12241

    The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.

    Affected Products : carts_guru
    • EPSS Score: 0.79%
    • Published: May. 20, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-11231

    An issue was discovered in GetSimple CMS through 3.3.15. Insufficient input sanitization in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, aut...

    Affected Products : getsimple_cms getsimplecms
    • EPSS Score: 61.68%
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-5863

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

    Affected Products : open-xchange_appsuite
    • EPSS Score: 0.59%
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7841

    A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.

    Affected Products : u.motion_builder
    • Actively Exploited
    • EPSS Score: 59.14%
    • Published: May. 22, 2019
    • Modified: Feb. 07, 2025
  • 9.8

    CRITICAL
    CVE-2019-6814

    A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder...

    • EPSS Score: 66.93%
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-17060

    OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.

    Affected Products : open-xchange_appsuite
    • EPSS Score: 0.46%
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-5210

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.

    Affected Products : open-xchange_appsuite
    • EPSS Score: 0.48%
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-12288

    An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The at...

    • EPSS Score: 0.34%
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10752

    serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

    Affected Products : serendipity
    • EPSS Score: 0.75%
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10759

    The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.

    Affected Products : precurio
    • EPSS Score: 1.01%
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20160

    ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: 2.67%
    • Published: May. 29, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-4203

    IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.

    Affected Products : api_connect
    • EPSS Score: 0.48%
    • Published: Apr. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-9642

    An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest ac...

    Affected Products : pydio
    • EPSS Score: 2.02%
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-3725

    RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could expl...

    Affected Products : netwitness security_analytics
    • EPSS Score: 5.45%
    • Published: May. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-8385

    An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to lis...

    • EPSS Score: 10.68%
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-21426

    Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 an...

    Affected Products : magento
    • EPSS Score: 0.40%
    • Published: Apr. 21, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292510 Results