Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-16696

    phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.... Read more

    Affected Products : phpipam
    • EPSS Score: %0.76
    • Published: Sep. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16377

    The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control.... Read more

    Affected Products : consul
    • EPSS Score: %1.34
    • Published: Sep. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16880

    An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method.... Read more

    Affected Products : linea
    • EPSS Score: %0.43
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12204

    In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.... Read more

    Affected Products : silverstripe
    • EPSS Score: %0.83
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9435

    The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.... Read more

    Affected Products : oauth_server
    • EPSS Score: %0.52
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16755

    BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. Affected D... Read more

    Affected Products : myit_digital_workplace
    • EPSS Score: %3.50
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16894

    download.php in inoERP 4.15 allows SQL injection through insecure deserialization.... Read more

    Affected Products : inoerp
    • EPSS Score: %1.15
    • Published: Sep. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6012

    The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function.... Read more

    Affected Products : mini-8_firmware mini-8
    • EPSS Score: %0.51
    • Published: Nov. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-4481

    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delet... Read more

    • EPSS Score: %0.45
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-4483

    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delet... Read more

    • EPSS Score: %0.45
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9301

    In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10And... Read more

    Affected Products : android
    • EPSS Score: %0.65
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-3766

    Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.... Read more

    Affected Products : emc_elastic_cloud_storage
    • EPSS Score: %2.02
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16999

    CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI.... Read more

    Affected Products : cloudboot
    • EPSS Score: %0.26
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13335

    SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.... Read more

    Affected Products : suitecrm
    • EPSS Score: %0.59
    • Published: Oct. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14454

    SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.... Read more

    Affected Products : suitecrm
    • EPSS Score: %0.53
    • Published: Oct. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12630

    A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied ... Read more

    Affected Products : security_manager
    • EPSS Score: %32.49
    • Published: Oct. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13957

    In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.... Read more

    Affected Products : umbraco_cms umbraco
    • EPSS Score: %0.44
    • Published: Oct. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16891

    Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.... Read more

    Affected Products : liferay_portal
    • EPSS Score: %81.29
    • Published: Oct. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17192

    The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or p... Read more

    Affected Products : private_messenger
    • EPSS Score: %1.15
    • Published: Oct. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15748

    SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes... Read more

    Affected Products : sitos_six
    • EPSS Score: %2.03
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291887 Results