Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2014-3582

    In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.... Read more

    Affected Products : ambari
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-3579

    XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.... Read more

    Affected Products : activemq_apollo
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-35575

    A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA7... Read more

    • Published: Dec. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3527

    When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authenticati... Read more

    Affected Products : spring_security
    • Published: May. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-35565

    An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.... Read more

    Affected Products : mbconnect24 mymbconnect24
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35550

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).... Read more

    Affected Products : android
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35551

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2... Read more

    Affected Products : android
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35527

    In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.... Read more

    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3448

    BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload... Read more

    Affected Products : bss_continuty_cms
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35476

    A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/G... Read more

    Affected Products : opentsdb
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35339

    In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.... Read more

    Affected Products : 74cms
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35313

    A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.... Read more

    Affected Products : wondercms
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35308

    CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code.... Read more

    Affected Products : conquest_dicom_server
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35337

    ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.... Read more

    Affected Products : thinksaas
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35442

    FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php.... Read more

    Affected Products : fdcms
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35263

    EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.... Read more

    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35243

    Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.... Read more

    Affected Products : flamingo
    • Published: Dec. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9548

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).... Read more

    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35205

    Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that a... Read more

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35198

    An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by t... Read more

    Affected Products : vxworks communications_eagle
    • Published: May. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293331 Results