Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-7640

    pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization.... Read more

    Affected Products : pixl-class
    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7623

    jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument.... Read more

    Affected Products : jscover
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7630

    git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument.... Read more

    Affected Products : git-add-remote
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7725

    All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function.... Read more

    Affected Products : worksmith
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7619

    get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data.... Read more

    Affected Products : get-git-data
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7633

    apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument.... Read more

    Affected Products : apiconnect-cli-plugins
    • Published: Apr. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7625

    op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function.... Read more

    Affected Products : op-browser
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7627

    node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function.... Read more

    Affected Products : node-key-sender
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7603

    closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization.... Read more

    Affected Products : closure-compiler-stream
    • Published: Mar. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7718

    All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions.... Read more

    Affected Products : gammautils
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7605

    gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options.... Read more

    Affected Products : gulp-tape
    • Published: Mar. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7533

    CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.... Read more

    • Published: Dec. 01, 2020
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2020-7498

    A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which coul... Read more

    Affected Products : os_loader unity_loader
    • Published: Jun. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7540

    A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that ... Read more

    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7489

    A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result... Read more

    • Published: Apr. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7617

    ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload.... Read more

    Affected Products : ini-parser
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7472

    An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCR... Read more

    Affected Products : sugarcrm
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7454

    In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write conditio... Read more

    Affected Products : freebsd
    • Published: May. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7497

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application executio... Read more

    • Published: Jun. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7450

    In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password c... Read more

    Affected Products : freebsd
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results