Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-9451

    The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.... Read more

    Affected Products : plugmatter_optin_feature_box
    • EPSS Score: %0.71
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9452

    The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.... Read more

    • EPSS Score: %0.71
    • Published: Oct. 07, 2019
    • Modified: Jan. 15, 2025

  • 9.8

    CRITICAL
    CVE-2019-12812

    MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution.... Read more

    Affected Products : windows mybuilder
    • EPSS Score: %1.47
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13336

    The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's p... Read more

    Affected Products : db01-s_firmware db01-s
    • EPSS Score: %1.17
    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-1584

    A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an at... Read more

    Affected Products : inspector
    • EPSS Score: %2.36
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9466

    The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.... Read more

    Affected Products : wti_like_post
    • EPSS Score: %0.73
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9467

    The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.... Read more

    Affected Products : broken_link_manager
    • EPSS Score: %0.66
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9479

    The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.... Read more

    Affected Products : acf_fronted_display
    • EPSS Score: %0.76
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-21027

    Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.... Read more

    Affected Products : boa
    • EPSS Score: %0.74
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14948

    Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled ... Read more

    • EPSS Score: %4.78
    • Published: Oct. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17602

    An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.... Read more

    Affected Products : manageengine_opmanager
    • EPSS Score: %58.63
    • Published: Oct. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17662

    ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in clearte... Read more

    Affected Products : thinvnc
    • EPSS Score: %93.38
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8071

    Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.... Read more

    Affected Products : windows download_manager
    • EPSS Score: %0.65
    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13409

    A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password.... Read more

    Affected Products : topmeeting
    • EPSS Score: %0.26
    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17393

    The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed... Read more

    Affected Products : server
    • EPSS Score: %0.20
    • Published: Oct. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12148

    The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenti... Read more

    • EPSS Score: %0.63
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9499

    The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.... Read more

    Affected Products : showbiz_pro
    • EPSS Score: %64.46
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-11933

    A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service.... Read more

    Affected Products : whatsapp libpl_droidsonroids_gif
    • EPSS Score: %7.31
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2357

    Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.... Read more

    • EPSS Score: %0.84
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2358

    Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.... Read more

    • EPSS Score: %0.84
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291878 Results