Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e. listed in the CISA Known Exploited Vulnerabilities (KEV) catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2020-3240 (CRITICAL, CVSS 9.8)

    Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these ...

    • EPSS Score: 33.89%
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024
  • CVE-2024-50357 (CRITICAL, CVSS 9.8)

    FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided e...

    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024
  • CVE-2020-29510 (CRITICAL, CVSS 9.8)

    The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processin...

    Affected Products: go trident
    • EPSS Score: 0.12%
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024
  • CVE-2021-32089 (CRITICAL, CVSS 9.8)

    An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information dis...

    Affected Products: fx9500_firmware fx9500
    • EPSS Score: 1.64%
    • Published: May 11, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-31962 (CRITICAL, CVSS 9.8)

    Kerberos AppContainer Security Feature Bypass Vulnerability

    • EPSS Score: 8.25%
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024
  • CVE-2024-50330 (CRITICAL, CVSS 9.8)

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.

    Affected Products: endpoint_manager
    • Published: Nov. 12, 2024
    • Modified: Apr. 23, 2025
  • CVE-2020-28036 (CRITICAL, CVSS 9.8)

    wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.

    Affected Products: fedora debian_linux wordpress
    • EPSS Score: 2.49%
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024
  • CVE-2021-31932 (CRITICAL, CVSS 9.8)

    Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for t...

    Affected Products: bts_trs_web_console
    • EPSS Score: 1.14%
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
  • CVE-2020-27304 (CRITICAL, CVSS 9.8)

    The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handl...

    • EPSS Score: 1.00%
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-31917 (CRITICAL, CVSS 9.8)

    A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this v...

    Affected Products: data_grid infinispan-server-rest
    • EPSS Score: 0.43%
    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-31915 (CRITICAL, CVSS 9.8)

    In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

    Affected Products: teamcity
    • EPSS Score: 0.16%
    • Published: May 11, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-31909 (CRITICAL, CVSS 9.8)

    In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

    Affected Products: teamcity
    • EPSS Score: 0.15%
    • Published: May 11, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-31870 (CRITICAL, CVSS 9.8)

    An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.

    Affected Products: debian_linux klibc
    • EPSS Score: 1.28%
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-31921 (CRITICAL, CVSS 9.8)

    Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing conf...

    Affected Products: istio
    • EPSS Score: 0.21%
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024
  • CVE-2020-17530 (CRITICAL, CVSS 9.8)

    Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.

    • Actively Exploited
    • EPSS Score: 94.36%
    • Published: Dec. 11, 2020
    • Modified: Apr. 03, 2025
  • CVE-2020-17523 (CRITICAL, CVSS 9.8)

    Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

    Affected Products: shiro
    • EPSS Score: 88.77%
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • CVE-2024-54465 (CRITICAL, CVSS 9.8)

    A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges.

    Affected Products: macos
    • Published: Dec. 12, 2024
    • Modified: Dec. 16, 2024
  • CVE-2020-17446 (CRITICAL, CVSS 9.8)

    asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.

    Affected Products: debian_linux asyncpg
    • EPSS Score: 2.14%
    • Published: Aug. 12, 2020
    • Modified: Nov. 21, 2024
  • CVE-2021-31873 (CRITICAL, CVSS 9.8)

    An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.

    Affected Products: debian_linux klibc
    • EPSS Score: 1.01%
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024
  • CVE-2020-15866 (CRITICAL, CVSS 9.8)

    mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.

    Affected Products: debian_linux mruby
    • EPSS Score: 0.60%
    • Published: Jul. 21, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292387 Results