Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-26011

    A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.... Read more

    • Published: Nov. 12, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2020-27745

    Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.... Read more

    Affected Products : debian_linux slurm
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7593

    Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.... Read more

    Affected Products : virtual_traffic_management
    • Actively Exploited
    • Published: Aug. 13, 2024
    • Modified: Sep. 25, 2024

  • 9.8

    CRITICAL
    CVE-2020-27619

    In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.... Read more

    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0802

    Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target p... Read more

    Affected Products :
    • Published: Mar. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27583

    IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the mai... Read more

    Affected Products : infosphere_information_server
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27654

    Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.... Read more

    Affected Products : router_manager
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27544

    An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py.... Read more

    Affected Products : client_advanced_control
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8662

    This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25943

    iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution... Read more

    Affected Products : idrac9
    • Published: Jun. 29, 2024
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2020-27540

    Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a... Read more

    Affected Products : cs-c2shw_firmware cs-c2shw
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25927

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0. ... Read more

    Affected Products : postmash
    • Published: Feb. 28, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25910

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. ... Read more

    Affected Products : moveto
    • Published: Feb. 28, 2024
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-25912

    Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. ... Read more

    Affected Products : moveto
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25412

    com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.... Read more

    Affected Products : gnuplot gnuplot
    • Published: Sep. 16, 2020
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-25845

    In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.... Read more

    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-25843

    In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.... Read more

    Affected Products : import\/update_bulk_product
    • Published: Feb. 27, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2020-27507

    The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.... Read more

    Affected Products : kamailio
    • Published: Mar. 15, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-25849

    In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .... Read more

    Affected Products : make_an_offer\/offer_your_price
    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-27481

    An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Param... Read more

    Affected Products : good_learning_management_system
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292849 Results