Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-26892

    The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.... Read more

    Affected Products : fedora nats-server
    • EPSS Score: %0.55
    • Published: Nov. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14906

    A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copyin... Read more

    • EPSS Score: %1.07
    • Published: Jan. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25506

    D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.... Read more

    Affected Products : dns-320_firmware dns-320
    • Actively Exploited
    • EPSS Score: %93.86
    • Published: Feb. 02, 2021
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2020-2546

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attack... Read more

    Affected Products : weblogic_server
    • EPSS Score: %29.69
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-2509

    A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versio... Read more

    Affected Products : quts_hero qts
    • Actively Exploited
    • EPSS Score: %74.04
    • Published: Apr. 17, 2021
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2020-2507

    The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.... Read more

    Affected Products : helpdesk
    • EPSS Score: %1.61
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-2506

    The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This... Read more

    Affected Products : helpdesk
    • Actively Exploited
    • EPSS Score: %31.57
    • Published: Feb. 03, 2021
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2020-24978

    In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.... Read more

    Affected Products : netwide_assembler
    • EPSS Score: %0.41
    • Published: Sep. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-24698

    An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending craft... Read more

    Affected Products : authoritative_server authoritative
    • EPSS Score: %0.07
    • Published: Oct. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-24660

    An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handle... Read more

    Affected Products : debian_linux lemonldap\
    • EPSS Score: %0.68
    • Published: Sep. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-24027

    In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.... Read more

    Affected Products : liblivemedia
    • EPSS Score: %0.55
    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22669

    Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection ... Read more

    • EPSS Score: %0.06
    • Published: Sep. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22617

    Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.... Read more

    Affected Products : ardour
    • EPSS Score: %0.57
    • Published: Oct. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22083

    jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing ar... Read more

    Affected Products : jsonpickle
    • EPSS Score: %4.67
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14271

    In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.... Read more

    Affected Products : debian_linux leap docker moby
    • EPSS Score: %72.20
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14201

    An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.... Read more

    Affected Products : u-boot
    • EPSS Score: %0.44
    • Published: Jul. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14193

    An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.... Read more

    Affected Products : u-boot
    • EPSS Score: %0.42
    • Published: Jul. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1992

    A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. T... Read more

    Affected Products : pan-os pa-7050 pa-7080
    • EPSS Score: %2.29
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13962

    lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.... Read more

    • EPSS Score: %1.64
    • Published: Jul. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1944

    There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions.... Read more

    Affected Products : debian_linux traffic_server
    • EPSS Score: %0.70
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292016 Results