Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2019-3975

    Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message....

    Affected Products : webaccess webaccess/scada
    • EPSS Score: 18.59%
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-11495

    In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force...

    Affected Products : couchbase_server
    • EPSS Score: 0.59%
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-14457

    VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header....

    Affected Products : camera
    • EPSS Score: 0.67%
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-10256

    An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found....

    Affected Products : camera
    • EPSS Score: 0.63%
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10942

    The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF....

    Affected Products : podlove_podcast_publisher
    • EPSS Score: 0.98%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10954

    The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload....

    Affected Products : neosense
    • EPSS Score: 0.84%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10955

    The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking....

    Affected Products : cysteme-finder
    • EPSS Score: 0.84%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7081

    A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a proce...

    Affected Products : arubaos
    • EPSS Score: 1.94%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-16309

    FlameCMS 3.3.5 has SQL injection in account/login.php via accountName....

    Affected Products : flamecms
    • EPSS Score: 45.92%
    • Published: Sep. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-16314

    Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2....

    Affected Products : indexhibit
    • EPSS Score: 50.02%
    • Published: Sep. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10972

    The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel....

    Affected Products : newspaper
    • EPSS Score: 4.32%
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-15131

    In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and s...

    Affected Products : code42
    • EPSS Score: 1.13%
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-16199

    eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process....

    • EPSS Score: 45.81%
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-13550

    In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash....

    Affected Products : webaccess
    • EPSS Score: 0.73%
    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-3758

    RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the sys...

    Affected Products : archer
    • EPSS Score: 0.77%
    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-15088

    An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication....

    Affected Products : adas
    • EPSS Score: 0.51%
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-21018

    Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions....

    Affected Products : mastodon
    • EPSS Score: 1.64%
    • Published: Sep. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-16693

    phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used....

    Affected Products : phpipam
    • EPSS Score: 0.76%
    • Published: Sep. 22, 2019
    • Modified: Apr. 16, 2025
  • 9.8

    CRITICAL
    CVE-2019-16694

    phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used....

    Affected Products : phpipam
    • EPSS Score: 0.76%
    • Published: Sep. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-16695

    phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used....

    Affected Products : phpipam
    • EPSS Score: 0.76%
    • Published: Sep. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291887 Results