Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2021-2064

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via II...

Affected Products : weblogic_server
EPSS Score: %29.69

Published: Jan. 20, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-20308

Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181....

Affected Products : debian_linux htmldoc
EPSS Score: %0.55

Published: Apr. 05, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-20045

A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v ...

Affected Products : sma_210_firmware sma_410_firmware sma_500v_firmware sma_200_firmware sma_400_firmware sma_210 sma_410 sma_500v sma_200 sma_400
EPSS Score: %2.93

Published: Dec. 08, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-1870

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code executio...

Affected Products : fedora macos mac_os_x iphone_os ipad_os webkitgtk ipados
Actively Exploited

EPSS Score: %0.49

Published: Apr. 02, 2021

Modified: Feb. 28, 2025
9.8

CRITICAL

CVE-2021-1694

Windows Update Stack Elevation of Privilege Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
EPSS Score: %0.76

Published: Jan. 12, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-1619

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, ...

Affected Products : ios_xe ios_xe_sd-wan ios_xe_sd-wan_16.10.1_when_installed_on_1000_series_integrated_services ios_xe_sd-wan_16.10.1_when_installed_on_4000_series_integrated_services ios_xe_sd-wan_16.10.1_when_installed_on_asr_1000_series_aggregation_services ios_xe_sd-wan_16.10.1_when_installed_on_integrated_services_virtual ios_xe_sd-wan_16.10.2_when_installed_on_1000_series_integrated_services ios_xe_sd-wan_16.10.2_when_installed_on_4000_series_integrated_services ios_xe_sd-wan_16.10.2_when_installed_on_asr_1000_series_aggregation_services ios_xe_sd-wan_16.10.2_when_installed_on_integrated_services_virtual +136 more products
EPSS Score: %1.24

Published: Sep. 23, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-1610

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) co...

Affected Products : small_business_rv_series_router_firmware small_business_rv340 small_business_rv345 small_business_rv345p small_business_rv340w
EPSS Score: %0.66

Published: Aug. 04, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-0254

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to...

Affected Products : junos
EPSS Score: %0.64

Published: Apr. 22, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-9850

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able...

Affected Products : itunes iphone_os tvos watchos safari icloud ipados
EPSS Score: %84.34

Published: Jun. 09, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-9671

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation....

Affected Products : windows creative_cloud_desktop_application
EPSS Score: %0.47

Published: Jul. 17, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-8479

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to...

Affected Products : 800xa_system compact_hmi control_builder_safe symphony_plus_s\+_operations
EPSS Score: %0.57

Published: Apr. 29, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-8443

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delive...

Affected Products : ossec
EPSS Score: %0.76

Published: Jan. 30, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-7774

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution....

Affected Products : sinec_infrastructure_network_services graalvm y18n
EPSS Score: %0.68

Published: Nov. 17, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-7475

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (...

Affected Products : ecostruxure_control_expert unity_pro modicon_m580_firmware modicon_m340_firmware modicon_m340 modicon_m580
EPSS Score: %0.57

Published: Mar. 23, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimit...

Affected Products : django
EPSS Score: %7.77

Published: Feb. 03, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-6989

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code....

Affected Products : pt-7528-24tx-hv_firmware pt-7528-24tx-hv-hv_firmware pt-7528-24tx-wv_firmware pt-7528-24tx-wv-hv_firmware pt-7528-24tx-wv-wv_firmware pt-7528-12msc-12tx-4gsfp-hv_firmware pt-7528-12msc-12tx-4gsfp-hv-hv_firmware pt-7528-12msc-12tx-4gsfp-wv_firmware pt-7528-12msc-12tx-4gsfp-wv-wv_firmware pt-7528-12mst-12tx-4gsfp-hv_firmware +100 more products
EPSS Score: %1.42

Published: Mar. 24, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-6814

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vuln...

Affected Products : firefox firefox_esr thunderbird ubuntu_linux
EPSS Score: %0.92

Published: Mar. 25, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-3793

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arb...

Affected Products : acrobat_dc acrobat_reader_dc macos windows
EPSS Score: %25.38

Published: Mar. 25, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-36328

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as we...

Affected Products : enterprise_linux debian_linux ontap_select_deploy_administration_utility iphone_os ipados libwebp
EPSS Score: %0.65

Published: May. 21, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-3240

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these ...

Affected Products : ucs_director ucs_director_express_for_big_data
EPSS Score: %33.89

Published: Apr. 15, 2020

Modified: Nov. 21, 2024

Showing 20 of 291570 Results

1
...
1402
1403
1404
1405
1406
1407
1408
...
14579

Latest CVE Feed

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable