Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2017-14723

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks....

Affected Products : wordpress
Published: Sep. 23, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2020-5723

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges....

Affected Products : ucm6204_firmware ucm6202_firmware ucm6208_firmware ucm6204 ucm6202 ucm6208
Published: Mar. 30, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2015-7261

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21....

Affected Products : signage_station iartist_lite
Published: Feb. 27, 2016

Modified: Apr. 12, 2025
9.8

CRITICAL

CVE-2017-15670

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string....

Affected Products : glibc
Published: Oct. 20, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2020-5656

Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digi...

Affected Products : melsec_iq-rj71eip91_firmware melsec_iq-rj71pn92_firmware melsec_iq-rd81dl96_firmware melsec_iq-rd81mes96n_firmware melsec_iq-rd81opc96_firmware melsec_iq-rj71eip91 melsec_iq-rj71pn92 melsec_iq-rd81dl96 melsec_iq-rd81mes96n melsec_iq-rd81opc96
Published: Nov. 02, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5647

Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’...

Affected Products : coreos gt1450-qlbde gt1450-qmbde gt1450hs-qmbde gt1455-qtbde gt1455hs-qtbde
Published: Nov. 06, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2024-35677

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12....

Affected Products : mega_menu
Published: Jun. 10, 2024

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5653

Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of se...

Affected Products : melsec_iq-rj71eip91_firmware melsec_iq-rj71pn92_firmware melsec_iq-rd81dl96_firmware melsec_iq-rd81mes96n_firmware melsec_iq-rd81opc96_firmware melsec_iq-rj71eip91 melsec_iq-rj71pn92 melsec_iq-rd81dl96 melsec_iq-rd81mes96n melsec_iq-rd81opc96
Published: Nov. 02, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5633

Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows...

Affected Products : baseboard_management_controller express5800\/gt110j express5800\/t110j express5800\/t110j-s express5800\/t110j-s_$2nd-gen$ express5800\/t110j_$2nd-gen$ istorage_ns100ti
Published: Jan. 13, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2015-3613

A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page...

Affected Products : fortimanager
Published: Feb. 04, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5616

[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] fre...

Affected Products : calendar01 calendar02 calendarform01 gallery01 link01 pkobo-news01 pkobo-vote01 telop01
Published: Aug. 04, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5608

CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacke...

Affected Products : centum_cs_3000_firmware centum_vp_firmware exaopc b\/m9000cs_firmware b\/m9000_vp_firmware b\/m9000vp_firmware b\/m9000cs centum_cs_3000 centum_vp b\/m9000vp
Published: Aug. 05, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5594

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors....

Affected Products : melsec_iq-r_firmware melsec_iq-f_firmware melsec-q_firmware melsec-l_firmware melsec-fx_firmware melsec_iq-r melsec_iq-f melsec-q melsec-l melsec-fx
Published: Jun. 23, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5644

Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00...

Affected Products : coreos gt1450-qlbde gt1450-qmbde gt1450hs-qmbde gt1455-qtbde gt1455hs-qtbde
Published: Nov. 06, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2015-3442

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call....

Affected Products : xpert.line
Published: Sep. 07, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2024-35510

An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file....

Affected Products : dedecms
Published: May. 28, 2024

Modified: Apr. 01, 2025
9.8

CRITICAL

CVE-2020-5595

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the...

Affected Products : coreos got2000_gt23 got2000_gt25 got2000_gt27
Published: Jul. 07, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5545

TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted ...

Affected Products : iu1-1m20-d_firmware iu1-1m20-d
Published: Mar. 16, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5531

Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module /...

Affected Products : r12ccpu-v_firmware mi5122-vw_firmware q24dhccpu-v_firmware q24dhccpu-vg_firmware rd55up06-v_firmware mi5122-vw q24dhccpu-v q24dhccpu-vg r12ccpu-v rd55up06-v
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2024-35409

WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php....

Affected Products : webid
Published: May. 22, 2024

Modified: May. 28, 2025

Showing 20 of 292796 Results

1
...
1391
1392
1393
1394
1395
1396
1397
...
14640

Browse by Apps

Latest CVE Feed

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable