Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-40874

    An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined wit... Read more

    Affected Products : debian_linux lemonldap\
    • EPSS Score: %0.35
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37930

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.... Read more

    Affected Products : manageengine_admanager_plus
    • EPSS Score: %37.38
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37918

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.... Read more

    Affected Products : manageengine_admanager_plus
    • EPSS Score: %36.01
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37761

    Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.... Read more

    Affected Products : manageengine_admanager_plus
    • EPSS Score: %37.38
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37539

    Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.... Read more

    Affected Products : manageengine_admanager_plus
    • EPSS Score: %38.22
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29441

    Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce ... Read more

    Affected Products : nacos
    • EPSS Score: %94.05
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26295

    Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.... Read more

    Affected Products : ofbiz
    • EPSS Score: %94.26
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27378

    An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.... Read more

    Affected Products : rand_core
    • EPSS Score: %0.47
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22803

    A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed mes... Read more

    • EPSS Score: %2.03
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21513

    Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploi... Read more

    Affected Products : openmanage_server_administrator
    • EPSS Score: %0.50
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8657

    An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin acc... Read more

    Affected Products : eyesofnetwork
    • Actively Exploited
    • EPSS Score: %85.17
    • Published: Feb. 06, 2020
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2020-6838

    In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c.... Read more

    Affected Products : mruby
    • EPSS Score: %0.42
    • Published: Jan. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-4854

    IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM ... Read more

    Affected Products : linux_kernel spectrum_protect_plus
    • EPSS Score: %0.23
    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-3943

    vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter run... Read more

    Affected Products : windows vrealize_operations
    • EPSS Score: %1.73
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7200

    A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.... Read more

    Affected Products : systems_insight_manager
    • EPSS Score: %83.78
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35476

    A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/G... Read more

    Affected Products : opentsdb
    • EPSS Score: %93.36
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28653

    Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.... Read more

    Affected Products : manageengine_opmanager
    • EPSS Score: %79.17
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28578

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.... Read more

    • EPSS Score: %58.54
    • Published: Nov. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14932

    compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.... Read more

    Affected Products : squirrelmail change_passwd
    • EPSS Score: %0.39
    • Published: Jun. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-0594

    Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more

    • EPSS Score: %2.78
    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291615 Results