Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-36329

    A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.... Read more

    • EPSS Score: %0.62
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-36195

    An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerabil... Read more

    • EPSS Score: %2.02
    • Published: Apr. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35169

    Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.... Read more

    • EPSS Score: %0.18
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28017

    Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.... Read more

    Affected Products : exim
    • EPSS Score: %5.44
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25196

    The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.... Read more

    • EPSS Score: %0.11
    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25176

    Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it i... Read more

    • EPSS Score: %2.62
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-20703

    Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.... Read more

    Affected Products : vim
    • EPSS Score: %2.81
    • Published: Jun. 20, 2023
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2020-16846

    An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.... Read more

    Affected Products : fedora debian_linux leap salt
    • Actively Exploited
    • EPSS Score: %94.39
    • Published: Nov. 06, 2020
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2020-12823

    OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.... Read more

    Affected Products : fedora debian_linux leap openconnect
    • EPSS Score: %1.51
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-12501

    Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.... Read more

    • EPSS Score: %1.47
    • Published: Oct. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10018

    WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory han... Read more

    • EPSS Score: %2.49
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9791

    The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacemen... Read more

    • EPSS Score: %39.30
    • Published: Apr. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9217

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.14
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9025

    An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buf... Read more

    Affected Products : storage_automation_store php
    • EPSS Score: %0.56
    • Published: Feb. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9023

    An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data.... Read more

    • EPSS Score: %16.18
    • Published: Feb. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-7198

    This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS... Read more

    Affected Products : quts_hero qts
    • EPSS Score: %3.07
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6808

    A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.... Read more

    • EPSS Score: %3.84
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6339

    In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (cor... Read more

    Affected Products : debian_linux drupal
    • EPSS Score: %78.50
    • Published: Jan. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5096

    An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free cond... Read more

    Affected Products : goahead
    • EPSS Score: %77.41
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5079

    An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets ca... Read more

    • EPSS Score: %1.08
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291358 Results