Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-17393

    The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed... Read more

    Affected Products : server
    • Published: Oct. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12148

    The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenti... Read more

    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-11933

    A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service.... Read more

    Affected Products : whatsapp libpl_droidsonroids_gif
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2358

    Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.... Read more

    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2360

    Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.... Read more

    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4857

    D-Link DIR-865L has PHP File Inclusion in the router xml file.... Read more

    Affected Products : dir-865l_firmware dir-865l
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2009-4899

    pixelpost 1.7.1 has SQL injection... Read more

    Affected Products : pixelpost
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16897

    In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitra... Read more

    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15683

    TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear ... Read more

    Affected Products : turbovnc
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10762

    columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping.... Read more

    Affected Products : medoo
    • Published: Oct. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18632

    European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.... Read more

    Affected Products : eidas-node_integration_package
    • Published: Oct. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18364

    In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.... Read more

    Affected Products : teamcity
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18226

    Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibili... Read more

    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2738

    minidlna has SQL Injection that may allow retrieval of arbitrary files... Read more

    Affected Products : readymedia
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2260

    Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness... Read more

    Affected Products : cryptocat
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-1134

    Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.... Read more

    Affected Products : serendipity
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8121

    An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabil... Read more

    Affected Products : magento
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8158

    An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validati... Read more

    Affected Products : magento
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2006-0062

    xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window.... Read more

    Affected Products : xlockmore
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2006-3100

    termpkg 3.3 suffers from buffer overflow.... Read more

    Affected Products : termpkg
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292792 Results