Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2019-7290

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions....

    Affected Products : shortcuts
    • EPSS Score: %0.52
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-28250

    Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side....

    Affected Products : nvt_web_server
    • EPSS Score: %2.60
    • Published: Nov. 06, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-28183

    SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php....

    Affected Products : water_billing_system
    • EPSS Score: %1.13
    • Published: Nov. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2004-2623

    Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."...

    Affected Products : rippy_the_aggregator
    • EPSS Score: %0.86
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2008-2899

    Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors....

    Affected Products : j00lean-cms
    • EPSS Score: %0.38
    • Published: Jun. 27, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-29311

    Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software....

    Affected Products : ubilling
    • EPSS Score: %8.53
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-20049

    An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directo...

    Affected Products : omnivista_4760
    • EPSS Score: %29.44
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2006

    In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed f...

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29575

    The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root...

    Affected Products : elixir_alpine_docker_image
    • EPSS Score: %2.07
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-4573

    Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D,...

    • EPSS Score: %7.63
    • Published: Sep. 09, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-35185

    The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access ...

    Affected Products : ghost_alpine_docker_image
    • EPSS Score: %2.01
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-35184

    The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank passwor...

    Affected Products : composer_docker_image
    • EPSS Score: %2.01
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-35192

    The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password....

    Affected Products : vault
    • EPSS Score: %2.01
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2205

    In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitati...

    Affected Products : android
    • EPSS Score: %7.72
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-8880

    Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error....

    Affected Products : php
    • EPSS Score: %1.79
    • Published: May. 22, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-35729

    KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter....

    Affected Products : klog_server
    • EPSS Score: %92.64
    • Published: Dec. 27, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-9932

    Various Lexmark products have a Buffer Overflow (issue 2 of 3)....

    • EPSS Score: %0.48
    • Published: Aug. 28, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2004-2734

    webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder....

    Affected Products : netware
    • EPSS Score: %0.92
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2020-36177

    RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size....

    Affected Products : wolfssl
    • EPSS Score: %0.63
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-4808

    Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors....

    Affected Products : service_manager service_center
    • EPSS Score: %4.20
    • Published: Aug. 18, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 290974 Results