Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-28503

    The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality.... Read more

    Affected Products : copy-props
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125029

    A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql inje... Read more

    Affected Products : paginationserviceprovider
    • Published: Jan. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28499

    All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .... Read more

    Affected Products : merge
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10387

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.... Read more

    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28472

    This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on th... Read more

    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10074

    Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.... Read more

    Affected Products : umbraco_cms
    • Published: Aug. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28480

    The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, le... Read more

    Affected Products : jointjs jointjs
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28453

    This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.... Read more

    Affected Products : npos-tesseract
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16871

    Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.... Read more

    Affected Products : twincat twincat
    • Published: Dec. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5481

    Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.... Read more

    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28451

    This affects the package image-tiler before 2.0.2.... Read more

    Affected Products : image-tiler
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27198

    In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible... Read more

    Affected Products : teamcity
    • Actively Exploited
    • Published: Mar. 04, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2020-28439

    This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:... Read more

    Affected Products : corenlp-js-prefab
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-4002

    Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary co... Read more

    Affected Products : ubuntu_linux fedora debian_linux qemu
    • Published: Apr. 26, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2020-26935

    An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious... Read more

    • Published: Oct. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28443

    This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.... Read more

    Affected Products : sonar-wrapper
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28434

    This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.... Read more

    Affected Products : gitblame
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28437

    This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.... Read more

    Affected Products : heroku-env
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6980

    Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: May. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27174

    Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score l... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293186 Results