Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-5955

    An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.... Read more

    Affected Products : gitstack
    • Published: Jan. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-2738

    VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by se... Read more

    Affected Products : vcm5010_firmware vcm5010
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9435

    Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).... Read more

    Affected Products : dolibarr_erp\/crm dolibarr
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-3185

    ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose tha... Read more

    Affected Products : camera_firmware
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-7180

    SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.... Read more

    Affected Products : astro
    • Published: Feb. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7315

    SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.... Read more

    Affected Products : ek_rishta
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7318

    SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.... Read more

    Affected Products : data_integrator checklist
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7497

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer deref... Read more

    • Published: May. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7477

    SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.... Read more

    Affected Products : school_management_script
    • Published: Feb. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000554

    Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in afte... Read more

    Affected Products : trovebox
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2034

    SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.... Read more

    Affected Products : clearpass
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5358

    Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function.... Read more

    Affected Products : easycom_for_php
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-10284

    Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter.... Read more

    Affected Products : g-ticket
    • Published: Apr. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9580

    A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002.... Read more

    Affected Products : android
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9847

    In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.... Read more

    Affected Products : gxlcms_qy
    • Published: Apr. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-6080

    An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly t... Read more

    Affected Products : zammad
    • Published: Mar. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2019-0172

    A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access.... Read more

    Affected Products : unite
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-1010009

    DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. The impact is: Remote Execution, Credential Leaks. The component is: IoT API. The attack vector is: Any Accessible Server.... Read more

    Affected Products : dglux_server
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-7405

    On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative sess... Read more

    Affected Products : dir-615 dir-615
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2019-10104

    In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX serv... Read more

    Affected Products : intellij_idea
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293425 Results