Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-15521

    Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.... Read more

    Affected Products : fork_cms spoon_library
    • EPSS Score: %0.68
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15565

    The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php.... Read more

    Affected Products : icommktconnector
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15567

    OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature.... Read more

    Affected Products : arena
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15569

    HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java.... Read more

    Affected Products : ccd-data-store-api
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15570

    BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.... Read more

    Affected Products : bedita
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15556

    Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.... Read more

    Affected Products : social_network
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15573

    Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php.... Read more

    Affected Products : gesior-aac
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15558

    XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.... Read more

    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20998

    An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption.... Read more

    Affected Products : arrayfire
    • EPSS Score: %0.43
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15533

    XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php.... Read more

    Affected Products : xenfcoresharp
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15548

    An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled.... Read more

    Affected Products : ncurses
    • EPSS Score: %0.59
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9569

    Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors.... Read more

    Affected Products : entelibus_firmware entelibus
    • EPSS Score: %6.94
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15657

    In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.... Read more

    Affected Products : eslint-utils
    • EPSS Score: %0.52
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-11652

    A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as ap... Read more

    • EPSS Score: %0.52
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-21004

    The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.... Read more

    Affected Products : rsvpmaker rsvpmaker
    • EPSS Score: %0.65
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-21005

    The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.... Read more

    Affected Products : bbpress_move_topics
    • EPSS Score: %0.99
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15659

    The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969.... Read more

    Affected Products : pie_register pie-register
    • EPSS Score: %0.55
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9352

    The wp-polls plugin before 2.72 for WordPress has SQL injection.... Read more

    Affected Products : wp-polls
    • EPSS Score: %0.51
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-6719

    The sharebar plugin before 1.2.2 for WordPress has SQL injection.... Read more

    Affected Products : sharebar
    • EPSS Score: %0.55
    • Published: Aug. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-21007

    The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.... Read more

    • EPSS Score: %0.71
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291871 Results