Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-5179

    Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.... Read more

    Affected Products : chrome_os
    • EPSS Score: %3.35
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-7890

    A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified sys... Read more

    • EPSS Score: %87.59
    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-41084

    Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device. ... Read more

    Affected Products : modulys_gp_firmware modulys_gp
    • EPSS Score: %0.07
    • Published: Sep. 18, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-1000124

    I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be ex... Read more

    Affected Products : i_librarian i\,_librarian
    • EPSS Score: %0.41
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-40455

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.... Read more

    Affected Products : macos
    • EPSS Score: %0.27
    • Published: Sep. 27, 2023
    • Modified: May. 02, 2025

  • 10.0

    HIGH
    CVE-2018-5781

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrec... Read more

    Affected Products : connect_onsite st14.2
    • EPSS Score: %1.18
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-5782

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethos... Read more

    Affected Products : connect_onsite st14.2
    • EPSS Score: %33.39
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6329

    It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary co... Read more

    Affected Products : backup
    • EPSS Score: %79.54
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6229

    A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.... Read more

    Affected Products : email_encryption_gateway
    • EPSS Score: %3.65
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10393

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. ... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-17773

    In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 8... Read more

    • EPSS Score: %0.58
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18067

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.... Read more

    Affected Products : android
    • EPSS Score: %1.25
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0541

    Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors.... Read more

    Affected Products : tinyftp
    • EPSS Score: %0.77
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2017-12815

    Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/... Read more

    Affected Products : remote_support
    • EPSS Score: %0.52
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-3991

    An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.... Read more

    Affected Products : freshtomato
    • EPSS Score: %1.28
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-45128

    Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This ... Read more

    Affected Products : fiber
    • EPSS Score: %0.07
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-45144

    com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross ... Read more

    Affected Products : oauth_identity
    • EPSS Score: %4.05
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-4841

    A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation cou... Read more

    Affected Products : tim_1531_irc_firmware tim_1531_irc
    • EPSS Score: %3.00
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-0898

    MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.... Read more

    Affected Products : pivotal_software_mysql
    • EPSS Score: %0.31
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-11010

    In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.... Read more

    Affected Products : android
    • EPSS Score: %0.58
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 290978 Results