Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2010-4533

    offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies....

    Affected Products : debian_linux offlineimap
    • EPSS Score: 0.28%
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-18952

    SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP....

    Affected Products : xfilesharing
    • EPSS Score: 32.21%
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-14345

    TemaTres 3.0 allows remote unprivileged users to create an administrator account...

    Affected Products : tematres
    • EPSS Score: 0.51%
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-0703

    In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session....

    Affected Products : debian_linux gksu-polkit
    • EPSS Score: 0.43%
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-13581

    An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to ca...

    Affected Products : 88w8688_firmware 88w8688
    • EPSS Score: 3.74%
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-5331

    Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval....

    Affected Products : distributed_ruby
    • EPSS Score: 1.29%
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20687

    An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a cra...

    Affected Products : commandcenter_secure_gateway
    • EPSS Score: 1.59%
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-1000006

    hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions....

    Affected Products : hhvm
    • EPSS Score: 0.50%
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-0824

    gnusound 0.7.5 has a format string issue...

    Affected Products : gnusound
    • EPSS Score: 0.51%
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-4660

    Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.....

    Affected Products : statusnet
    • EPSS Score: 0.42%
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2013-2091

    SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php....

    Affected Products : dolibarr_erp/crm
    • EPSS Score: 0.73%
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-3460

    cumin: At installation postgresql database user created without password...

    • EPSS Score: 0.39%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-3700

    eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data...

    Affected Products : jboss_enterprise_web_server edeploy
    • EPSS Score: 3.14%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-16340

    Belkin Linksys Velop 1.1.8.192419 devices allow remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI....

    • EPSS Score: 0.85%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-8879

    Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET...

    Affected Products : rt-ac66u_firmware rt-ac66u
    • EPSS Score: 32.01%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-18349

    HotkeyP through 4.9 r96 allows privilege escalation in the privilege function in Commands.cpp....

    Affected Products : hotkeyp
    • EPSS Score: 0.51%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-11325

    An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter....

    Affected Products : symfony
    • EPSS Score: 4.69%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2014-6310

    Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function....

    Affected Products : debian_linux chicken
    • EPSS Score: 16.93%
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-5582

    opendnssec misuses libcurl API...

    Affected Products : opendnssec
    • EPSS Score: 0.56%
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-19250

    OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js....

    Affected Products : opentrade
    • EPSS Score: 0.31%
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291878 Results