Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-12966

    FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input.... Read more

    Affected Products : fehelper
    • EPSS Score: %1.12
    • Published: Jun. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-14885

    Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds.... Read more

    Affected Products : odoo
    • EPSS Score: %0.73
    • Published: Jun. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13082

    Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This mean... Read more

    Affected Products : chamilo_lms
    • EPSS Score: %3.51
    • Published: Jun. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5497

    NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution.... Read more

    • EPSS Score: %0.96
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-7253

    Linear eMerge E3-Series devices allow Directory Traversal.... Read more

    • EPSS Score: %0.90
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13177

    verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occur... Read more

    Affected Products : django-rest-registration
    • EPSS Score: %0.40
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11425

    Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.... Read more

    • EPSS Score: %0.43
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12866

    An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.... Read more

    Affected Products : youtrack
    • EPSS Score: %0.00
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13372

    /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasse... Read more

    Affected Products : central_wifimanager
    • EPSS Score: %90.53
    • Published: Jul. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13400

    Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info.... Read more

    Affected Products : fcm-mb40_firmware fcm-mb40
    • EPSS Score: %0.42
    • Published: Jul. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12924

    MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read ... Read more

    Affected Products : mailenable
    • EPSS Score: %0.14
    • Published: Jul. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13470

    MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling.... Read more

    Affected Products : matrixssl
    • EPSS Score: %0.43
    • Published: Jul. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10119

    eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This lead... Read more

    Affected Products : ccu3_firmware ccu2_firmware ccu3 ccu2
    • EPSS Score: %0.27
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10122

    eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.... Read more

    Affected Products : ccu3_firmware ccu2_firmware ccu3 ccu2
    • EPSS Score: %3.51
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10653

    An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page.... Read more

    Affected Products : hsycms
    • EPSS Score: %0.26
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13276

    TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • EPSS Score: %3.91
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13279

    TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • EPSS Score: %5.22
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13507

    hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.... Read more

    Affected Products : az_admin
    • EPSS Score: %0.25
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-1010306

    Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unau... Read more

    Affected Products : slanger
    • EPSS Score: %1.82
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-1010044

    borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable.... Read more

    Affected Products : graphpass
    • EPSS Score: %0.92
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292758 Results