Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-11020

    Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2015-7182

    Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a den... Read more

    • EPSS Score: %18.41
    • Published: Nov. 05, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-11018

    Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.... Read more

    Affected Products : webopac
    • Published: Nov. 11, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2022-36944

    Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase c... Read more

    Affected Products : fedora scala scala-collection-compat
    • EPSS Score: %72.59
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2020-13916

    A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, ... Read more

    Affected Products : unleashed_firmware r310 r500 r600 t300 t301n t301s h320 h510 r710 +15 more products
    • EPSS Score: %1.16
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13804

    An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.... Read more

    Affected Products : phantompdf reader
    • EPSS Score: %0.03
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13814

    An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.... Read more

    Affected Products : phantompdf reader
    • EPSS Score: %0.03
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16550

    TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.... Read more

    Affected Products : teamviewer vbase_web-remote
    • EPSS Score: %0.15
    • Published: Sep. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10918

    Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.... Read more

    Affected Products : libmodbus
    • Published: Feb. 27, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-13693

    An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.... Read more

    Affected Products : bbpress
    • EPSS Score: %44.77
    • Published: May. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0712

    Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS.... Read more

    Affected Products : qts
    • EPSS Score: %2.73
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10915

    A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the ... Read more

    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2020-13675

    Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validatio... Read more

    Affected Products : drupal
    • EPSS Score: %0.51
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13665

    Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.... Read more

    Affected Products : drupal
    • EPSS Score: %0.55
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13640

    A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.)... Read more

    Affected Products : wpdiscuz
    • EPSS Score: %21.92
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13619

    php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution.... Read more

    Affected Products : locutus locutus_php
    • EPSS Score: %1.22
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13656

    In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution.... Read more

    Affected Products : hobbes
    • EPSS Score: %1.26
    • Published: Jun. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13601

    Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44... Read more

    Affected Products : zephyr
    • EPSS Score: %0.43
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13585

    An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : imagegear
    • EPSS Score: %0.71
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13572

    A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide... Read more

    Affected Products : imagegear
    • EPSS Score: %1.18
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292522 Results