Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2020-22204

    SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. ....

    Affected Products : ecshop
    • EPSS Score: 0.51%
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-5135

    A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12...

    Affected Products : sonicos sonicosv
    • Actively Exploited
    • EPSS Score: 32.75%
    • Published: Oct. 12, 2020
    • Modified: Apr. 02, 2025
  • 9.8

    CRITICAL
    CVE-2020-5312

    libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow....

    Affected Products : ubuntu_linux fedora debian_linux pillow
    • EPSS Score: 2.29%
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-6109

    An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary co...

    Affected Products : zoom
    • EPSS Score: 0.50%
    • Published: Jun. 08, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-5358

    The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify v...

    Affected Products : ektron_content_management_system
    • EPSS Score: 0.58%
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2019-6675

    BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system...

    • EPSS Score: 0.14%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-7165

    A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code....

    Affected Products : fedora debian_linux dosbox
    • EPSS Score: 3.98%
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-6815

    Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to ru...

    Affected Products : firefox
    • EPSS Score: 0.45%
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-22001

    HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution....

    Affected Products : homeautomation
    • EPSS Score: 0.24%
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-22203

    Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET requ...

    Affected Products : whoogle-search whoogle_search
    • EPSS Score: 0.44%
    • Published: Jan. 23, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-5866

    Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

    Affected Products : chrome
    • EPSS Score: 0.42%
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-22080

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing....

    Affected Products : g5dfr_firmware g5dfr
    • Published: Mar. 20, 2024
    • Modified: Apr. 16, 2025
  • 9.8

    CRITICAL
    CVE-2024-22074

    Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.32...

    Affected Products : dynamsoft_service
    • Published: Jun. 06, 2024
    • Modified: Mar. 18, 2025
  • 9.8

    CRITICAL
    CVE-2012-5190

    Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability...

    Affected Products : prizm_content_connect
    • EPSS Score: 10.75%
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-21994

    AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login infor...

    • EPSS Score: 4.65%
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-9789

    Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vu...

    Affected Products : firefox
    • EPSS Score: 0.44%
    • Published: Apr. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-21990

    ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials. ...

    • Published: Apr. 17, 2024
    • Modified: Feb. 10, 2025
  • 9.8

    CRITICAL
    CVE-2020-10109

    In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined ...

    • EPSS Score: 3.06%
    • Published: Mar. 12, 2020
    • Modified: Nov. 25, 2024
  • 9.8

    CRITICAL
    CVE-2018-14719

    FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization....

    • EPSS Score: 3.53%
    • Published: Jan. 02, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-21865

    ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha....

    Affected Products : thinkphp50-cms
    • EPSS Score: 2.14%
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024