Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2021-27852

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7....

Affected Products : survey
Actively Exploited

EPSS Score: %21.14

Published: May. 27, 2021

Modified: Feb. 19, 2025
9.8

CRITICAL

CVE-2021-27646

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests....

Affected Products : diskstation_manager diskstation_manager
EPSS Score: %2.20

Published: Mar. 12, 2021

Modified: Jan. 14, 2025
9.8

CRITICAL

CVE-2021-27103

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later....

Affected Products : fta
Actively Exploited

EPSS Score: %5.46

Published: Feb. 16, 2021

Modified: Feb. 04, 2025
9.8

CRITICAL

CVE-2021-26893

Windows DNS Server Remote Code Execution Vulnerability...

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_20h2 windows_server_1909 windows_server_2004 windows_server_2012_r2 windows_server_2008_r2 windows_server_2008_sp2
EPSS Score: %8.31

Published: Mar. 11, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-25149

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba...

Affected Products : instant scalance_w1750d_firmware instant scalance_w1750d
EPSS Score: %0.71

Published: Mar. 30, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-23158

A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service....

Affected Products : htmldoc
EPSS Score: %0.44

Published: Mar. 16, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-22681

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 55...

Affected Products : studio_5000_logix_designer factorytalk_services_platform rslogix_5000 compactlogix_5380 compactlogix_5480 controllogix_5580 guardlogix_5580 compact_guardlogix_5370 compact_guardlogix_5380 compactlogix_1768 +10 more products
EPSS Score: %0.12

Published: Mar. 03, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-21998

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access...

Affected Products : carbon_black_app_control
EPSS Score: %0.49

Published: Jun. 23, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-8165

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE....

Affected Products : debian_linux leap rails
EPSS Score: %90.96

Published: Jun. 19, 2020

Modified: May. 09, 2025
9.8

CRITICAL

CVE-2020-7788

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context....

Affected Products : debian_linux ini
EPSS Score: %0.29

Published: Dec. 11, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-7489

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result...

Affected Products : modicon_m221_firmware ecostruxure_machine_expert somachine_basic modicon_m100_firmware modicon_m200_firmware modicon_m221 modicon_m100 modicon_m200
EPSS Score: %0.47

Published: Apr. 22, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-6995

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access....

Affected Products : pt-7528-24tx-hv_firmware pt-7528-24tx-hv-hv_firmware pt-7528-24tx-wv_firmware pt-7528-24tx-wv-hv_firmware pt-7528-24tx-wv-wv_firmware pt-7528-12msc-12tx-4gsfp-hv_firmware pt-7528-12msc-12tx-4gsfp-hv-hv_firmware pt-7528-12msc-12tx-4gsfp-wv_firmware pt-7528-12msc-12tx-4gsfp-wv-wv_firmware pt-7528-12mst-12tx-4gsfp-hv_firmware +100 more products
EPSS Score: %0.37

Published: Mar. 24, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-6991

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force....

Affected Products : eds-g516e_firmware eds-510e_firmware eds-g516e eds-510e
EPSS Score: %0.29

Published: Mar. 24, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-6009

LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection....

Affected Products : learndash
EPSS Score: %0.88

Published: Apr. 01, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5955

An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges....

Affected Products : insydeh2o_uefi_bios ice_lake tiger_lake whitley-sp grantley-ep elkhart_lake purley-ep_refresh_neon_city comet_lake_rvp comet_lake whiskey_lake_rvp +11 more products
EPSS Score: %0.72

Published: Nov. 03, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5609

Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 al...

Affected Products : centum_cs_3000_firmware centum_vp_firmware exaopc b\/m9000cs_firmware b\/m9000_vp_firmware b\/m9000vp_firmware b\/m9000cs centum_cs_3000 centum_vp b\/m9000vp
EPSS Score: %4.51

Published: Aug. 05, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-5531

Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module /...

Affected Products : r12ccpu-v_firmware mi5122-vw_firmware q24dhccpu-v_firmware q24dhccpu-vg_firmware rd55up06-v_firmware mi5122-vw q24dhccpu-v q24dhccpu-vg r12ccpu-v rd55up06-v
EPSS Score: %0.77

Published: Feb. 17, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-3787

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution....

Affected Products : macos photoshop_cc windows photoshop photoshop_2020
EPSS Score: %10.06

Published: Mar. 25, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-3849

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution....

Affected Products : macos mac_os_x
EPSS Score: %0.86

Published: Apr. 01, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-3125

A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected d...

Affected Products : adaptive_security_appliance_software asa_5585-x_firmware asa_5512-x_firmware asa_5515-x_firmware asa_5505_firmware asa_5510_firmware asa_5520_firmware asa_5525-x_firmware asa_5540_firmware asa_5545-x_firmware +15 more products
EPSS Score: %1.17

Published: May. 06, 2020

Modified: Nov. 21, 2024

Showing 20 of 291335 Results

1
...
1418
1419
1420
1421
1422
1423
1424
...
14567

Latest CVE Feed

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable