Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-12526

    An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffe... Read more

    Affected Products : ubuntu_linux fedora debian_linux leap squid
    • EPSS Score: %8.54
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9262

    _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.... Read more

    • EPSS Score: %2.69
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18048

    An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.... Read more

    Affected Products : craigms
    • EPSS Score: %1.14
    • Published: Sep. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18013

    SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm.... Read more

    Affected Products : whatsns
    • EPSS Score: %0.51
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-17752

    Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON).... Read more

    Affected Products : mon
    • EPSS Score: %0.52
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18185

    class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.... Read more

    Affected Products : pluxml
    • EPSS Score: %0.48
    • Published: Oct. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-17510

    Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.... Read more

    Affected Products : debian_linux shiro
    • EPSS Score: %1.02
    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-17479

    jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.... Read more

    Affected Products : json_pattern_validator
    • EPSS Score: %0.63
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1015

    Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device.... Read more

    • EPSS Score: %2.10
    • Published: Jan. 29, 2024
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2020-17463

    FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.... Read more

    Affected Products : fuel_cms
    • Actively Exploited
    • EPSS Score: %11.84
    • Published: Aug. 13, 2020
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2020-17438

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset v... Read more

    Affected Products : contiki uip
    • EPSS Score: %2.36
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-2936

    Elgg through 1.7.10 has a SQL injection vulnerability... Read more

    Affected Products : elgg
    • EPSS Score: %0.32
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-17496

    vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.... Read more

    Affected Products : vbulletin
    • Actively Exploited
    • EPSS Score: %94.04
    • Published: Aug. 12, 2020
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2017-5404

    A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, ... Read more

    • EPSS Score: %23.67
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-17529

    Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impact... Read more

    Affected Products : nuttx
    • EPSS Score: %1.43
    • Published: Dec. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-17353

    scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.... Read more

    • EPSS Score: %1.26
    • Published: Aug. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-17086

    Raw Image Extension Remote Code Execution Vulnerability... Read more

    Affected Products : raw_image_extension
    • EPSS Score: %18.70
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-17078

    Raw Image Extension Remote Code Execution Vulnerability... Read more

    Affected Products : raw_image_extension
    • EPSS Score: %5.66
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-16846

    An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.... Read more

    Affected Products : fedora debian_linux leap salt
    • Actively Exploited
    • EPSS Score: %94.39
    • Published: Nov. 06, 2020
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2007-6762

    In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.80
    • Published: Jul. 27, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292316 Results