Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-23302

    There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0... Read more

    Affected Products : jerryscript
    • EPSS Score: %0.36
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-23426

    zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.... Read more

    Affected Products : zzcms
    • EPSS Score: %0.12
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-7564

    Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (... Read more

    Affected Products : teampass
    • EPSS Score: %1.89
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2019-3949

    Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code o... Read more

    • EPSS Score: %0.50
    • Published: Jul. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-4059

    IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.... Read more

    Affected Products : rational_clearcase
    • EPSS Score: %0.30
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-23907

    An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution.... Read more

    Affected Products : retdec
    • EPSS Score: %2.15
    • Published: Apr. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18857

    The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement.... Read more

    Affected Products : insight
    • EPSS Score: %0.48
    • Published: Apr. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15825

    The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.... Read more

    Affected Products : wps_hide_login
    • EPSS Score: %1.02
    • Published: Aug. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-4651

    IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.26
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15913

    An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home ... Read more

    • EPSS Score: %0.34
    • Published: Dec. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16114

    In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which a... Read more

    Affected Products : atutor
    • EPSS Score: %20.80
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25049

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020).... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25111

    An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.... Read more

    Affected Products : contiki-os
    • EPSS Score: %11.57
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16194

    SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.... Read more

    Affected Products : centreon
    • EPSS Score: %0.15
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25147

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to ... Read more

    Affected Products : observium
    • EPSS Score: %0.37
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16246

    Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.... Read more

    Affected Products : solismed
    • EPSS Score: %1.28
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16272

    On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement.... Read more

    Affected Products : d5_firmware d7_firmware d5 d7
    • EPSS Score: %0.42
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-3694

    Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status paramete... Read more

    Affected Products : ecommerce_shopsoftware
    • EPSS Score: %1.12
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-25253

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password pa... Read more

    Affected Products : onbase
    • EPSS Score: %0.26
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25278

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsun... Read more

    Affected Products : android
    • EPSS Score: %0.19
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291756 Results