Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2019-14345

    TemaTres 3.0 allows remote unprivileged users to create an administrator account...

    Affected Products: tematres
    • EPSS Score: 0.51%
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-1000006

    hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.

    Affected Products: hhvm
    • EPSS Score: 0.50%
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-0824

    gnusound 0.7.5 has format string issue...

    Affected Products: gnusound
    • EPSS Score: 0.51%
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2013-2091

    SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.

    Affected Products: dolibarr_erp/crm
    • EPSS Score: 0.73%
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-3460

    cumin: At installation postgresql database user created without password...

    • EPSS Score: 0.39%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-3700

    eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data...

    Affected Products: jboss_enterprise_web_server edeploy
    • EPSS Score: 3.14%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-16340

    Belkin Linksys Velop 1.1.8.192419 devices allow remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.

    • EPSS Score: 0.85%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-11325

    An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.

    Affected Products: symfony
    • EPSS Score: 4.69%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-6310

    Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.

    Affected Products: debian_linux chicken
    • EPSS Score: 16.93%
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-5582

    opendnssec misuses libcurl API...

    Affected Products: opendnssec
    • EPSS Score: 0.56%
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-19250

    OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js.

    Affected Products: opentrade
    • EPSS Score: 0.31%
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-19492

    FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

    Affected Products: freeswitch
    • EPSS Score: 35.48%
    • Published: Dec. 02, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-12394

    Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.

    Affected Products: management_system
    • EPSS Score: 0.90%
    • Published: Dec. 02, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-19021

    An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.

    Affected Products: webtitan
    • EPSS Score: 0.44%
    • Published: Dec. 02, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-19459

    An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to e...

    Affected Products: proaccess_space
    • EPSS Score: 1.84%
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-5083

    An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attac...

    Affected Products: imagegear
    • EPSS Score: 2.25%
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-11940

    In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Pr...

    Affected Products: proxygen
    • EPSS Score: 0.42%
    • Published: Dec. 04, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-19589

    The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn...

    Affected Products: pdf_embedder
    • EPSS Score: 0.42%
    • Published: Dec. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-14910

    A vulnerability was found in keycloak 7.x: when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), user authentication succeeds even if an invalid password has been entered.

    Affected Products: keycloak single_sign-on
    • EPSS Score: 0.44%
    • Published: Dec. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-19594

    reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.

    Affected Products: prestashop stock_api_integration
    • EPSS Score: 5.56%
    • Published: Dec. 05, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292510 Results