Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2020-27654

    Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

    Affected Products : router_manager
    • EPSS Score: 3.35%
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-27544

    An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77 that allows remote attackers to execute arbitrary code via a crafted payload to the function parse_message in the file Connection.py.

    Affected Products : client_advanced_control
    • EPSS Score: 2.33%
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-8662

    This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.

    Affected Products : macos mac_os_x iphone_os tvos watchos
    • EPSS Score: 14.43%
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25943

    iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution...

    Affected Products : idrac9
    • Published: Jun. 29, 2024
    • Modified: Feb. 03, 2025
  • 9.8

    CRITICAL
    CVE-2020-27540

    Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a...

    Affected Products : cs-c2shw_firmware cs-c2shw
    • EPSS Score: 0.20%
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25927

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0.

    Affected Products : postmash
    • Published: Feb. 28, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25910

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.

    Affected Products : moveto
    • Published: Feb. 28, 2024
    • Modified: Apr. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-25912

    Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.

    Affected Products : moveto
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-25412

    com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

    Affected Products : gnuplot gnuplot
    • EPSS Score: 0.68%
    • Published: Sep. 16, 2020
    • Modified: Aug. 04, 2025
  • 9.8

    CRITICAL
    CVE-2024-25845

    In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.

    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-25843

    In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.

    Affected Products : import\/update_bulk_product
    • Published: Feb. 27, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2020-27507

    The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact.

    Affected Products : kamailio
    • EPSS Score: 0.08%
    • Published: Mar. 15, 2023
    • Modified: Feb. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-25849

    In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via `MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()`.

    Affected Products : make_an_offer\/offer_your_price
    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2020-27481

    An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Param...

    Affected Products : good_learning_management_system
    • EPSS Score: 51.48%
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-27422

    In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account.

    Affected Products : time_tracker
    • EPSS Score: 9.00%
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-27416

    Mahavitaran Android application 7.50 and prior are affected by account takeover due to improper OTP validation, which allows remote attackers to control a user's account.

    Affected Products : mahavitaran
    • EPSS Score: 0.73%
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-27372

    A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.

    Affected Products : brandy
    • EPSS Score: 0.50%
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25714

    In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has c...

    Affected Products : debian_linux rhonabwy
    • EPSS Score: 0.14%
    • Published: Feb. 11, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2013-5027

    Collabtive 1.0 has incorrect access control...

    Affected Products : collabtive
    • EPSS Score: 0.36%
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2013-4982

    AVTECH AVN801 DVR has a security bypass via the administration login captcha...

    Affected Products : avn801_dvr_firmware avn801_dvr
    • EPSS Score: 4.00%
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292387 Results