Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-20569

    user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.... Read more

    Affected Products : generic_content_management_system
    • EPSS Score: %0.73
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20572

    WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.... Read more

    Affected Products : wuzhicms
    • EPSS Score: %0.26
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5203

    DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.... Read more

    Affected Products : dextuploadx5
    • EPSS Score: %2.00
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20605

    imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.... Read more

    Affected Products : imcat
    • EPSS Score: %0.99
    • Published: Dec. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18602

    The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.... Read more

    • EPSS Score: %0.34
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2018-19862

    Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.... Read more

    Affected Products : minishare
    • EPSS Score: %37.83
    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-0246

    SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.... Read more

    Affected Products : cloud_connector
    • EPSS Score: %3.35
    • Published: Jan. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-0247

    SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.... Read more

    Affected Products : cloud_connector
    • EPSS Score: %0.57
    • Published: Jan. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0670

    INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0669.... Read more

    Affected Products : inplc-rt
    • EPSS Score: %0.92
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16188

    SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), ... Read more

    • EPSS Score: %0.74
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16203

    PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors.... Read more

    Affected Products : pgpooladmin
    • EPSS Score: %0.92
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5886

    An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php du... Read more

    Affected Products : shopxo
    • EPSS Score: %0.41
    • Published: Jan. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5893

    Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.... Read more

    Affected Products : open_source_erp
    • EPSS Score: %20.95
    • Published: Jan. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-4281

    In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation.... Read more

    Affected Products : swiftnio
    • EPSS Score: %0.54
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20716

    CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.... Read more

    Affected Products : cubecart
    • EPSS Score: %0.26
    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18814

    The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker t... Read more

    • EPSS Score: %2.07
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20732

    SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.... Read more

    • EPSS Score: %4.28
    • Published: Jan. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6497

    Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.... Read more

    Affected Products : hotels_server
    • EPSS Score: %0.24
    • Published: Jan. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19635

    CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.... Read more

    • EPSS Score: %0.49
    • Published: Jan. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18941

    In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged use... Read more

    Affected Products : content_management
    • EPSS Score: %0.93
    • Published: Jan. 31, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291756 Results