Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-2245

    A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated ... Read more

    Affected Products : hansuncms
    • EPSS Score: %0.29
    • Published: Apr. 22, 2023
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2020-9866

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution.... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %1.21
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9838

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution.... Read more

    Affected Products : iphone_os ipados
    • EPSS Score: %2.13
    • Published: Jun. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9670

    Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation.... Read more

    • EPSS Score: %2.33
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2092

    A vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql ... Read more

    • EPSS Score: %0.05
    • Published: Apr. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2094

    A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql i... Read more

    • EPSS Score: %0.05
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-2064

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection.This issue affects eTrace: before 23.05.20. ... Read more

    Affected Products : etrace
    • EPSS Score: %0.07
    • Published: May. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2068

    The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In ... Read more

    Affected Products : file_manager_advanced_shortcode
    • EPSS Score: %71.98
    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9366

    A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.... Read more

    Affected Products : screen
    • EPSS Score: %0.73
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2032

    The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.... Read more

    Affected Products : custom_404_pro
    • EPSS Score: %0.20
    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8644

    PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.... Read more

    Affected Products : playsms
    • Actively Exploited
    • EPSS Score: %93.30
    • Published: Feb. 05, 2020
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-29985

    Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability.... Read more

    • EPSS Score: %0.21
    • Published: May. 18, 2023
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2020-8466

    A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.... Read more

    • EPSS Score: %27.27
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8444

    In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysis... Read more

    Affected Products : ossec
    • EPSS Score: %0.85
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2003

    Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved ... Read more

    Affected Products : vision1210_firmware vision1210
    • EPSS Score: %0.27
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29861

    An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device.... Read more

    Affected Products : dvtel_camera_firmware dvtel_camera
    • EPSS Score: %1.97
    • Published: May. 15, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-29827

    ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render ... Read more

    Affected Products : ejs
    • EPSS Score: %69.58
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2020-8257

    Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks... Read more

    Affected Products : gateway_plug-in
    • EPSS Score: %0.43
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29809

    SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.... Read more

    Affected Products : companymaps
    • EPSS Score: %2.79
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-29746

    An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.... Read more

    Affected Products : the_thaiger
    • EPSS Score: %0.38
    • Published: Jun. 02, 2023
    • Modified: Jan. 31, 2025
Showing 20 of 292735 Results