Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-8466

    A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.... Read more

    • EPSS Score: %27.27
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8444

    In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysis... Read more

    Affected Products : ossec
    • EPSS Score: %0.85
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2003

    Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved ... Read more

    Affected Products : vision1210_firmware vision1210
    • EPSS Score: %0.27
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29861

    An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device.... Read more

    Affected Products : dvtel_camera_firmware dvtel_camera
    • EPSS Score: %1.97
    • Published: May. 15, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-29827

    ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render ... Read more

    Affected Products : ejs
    • EPSS Score: %69.58
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2020-8257

    Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks... Read more

    Affected Products : gateway_plug-in
    • EPSS Score: %0.43
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29809

    SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.... Read more

    Affected Products : companymaps
    • EPSS Score: %2.79
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-29746

    An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.... Read more

    Affected Products : the_thaiger
    • EPSS Score: %0.38
    • Published: Jun. 02, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2020-8114

    GitLab EE 8.9 and later through 12.7.2 has Insecure Permission... Read more

    Affected Products : gitlab
    • EPSS Score: %0.18
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29862

    An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.... Read more

    • EPSS Score: %1.97
    • Published: May. 15, 2023
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-29631

    PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.... Read more

    Affected Products : jms_slider
    • EPSS Score: %0.14
    • Published: Jun. 05, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-29711

    An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request.... Read more

    Affected Products : psg-5124_firmware psg-5124
    • EPSS Score: %0.23
    • Published: Jun. 22, 2023
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2020-7458

    In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrar... Read more

    Affected Products : freebsd
    • EPSS Score: %1.57
    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29721

    SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution.... Read more

    Affected Products : sofawiki
    • EPSS Score: %0.22
    • Published: May. 24, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-29542

    A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firef... Read more

    Affected Products : firefox firefox_esr thunderbird windows
    • EPSS Score: %0.12
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2020-6008

    LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution... Read more

    Affected Products : lifterlms
    • EPSS Score: %7.55
    • Published: Mar. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29531

    An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulne... Read more

    Affected Products : firefox firefox_esr thunderbird macos
    • EPSS Score: %0.95
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2023-29492

    Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.... Read more

    Affected Products : novi_survey novi_survey
    • Actively Exploited
    • EPSS Score: %25.53
    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29485

    An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention ... Read more

    Affected Products : macos thor windows
    • EPSS Score: %0.06
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29473

    webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710... Read more

    • EPSS Score: %0.45
    • Published: Apr. 06, 2023
    • Modified: Feb. 12, 2025
Showing 20 of 292714 Results