Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2019-14986

    eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password")... Read more

    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2108

    In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitat... Read more

    Affected Products : android
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2184

    In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitat... Read more

    Affected Products : android
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2206

    In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed for exploitation.P... Read more

    Affected Products : android
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-15344

    The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). ... Read more

    Affected Products : camon_iclick_firmware camon_iclick
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-15595

    A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.... Read more

    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-7366

    Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.... Read more

    Affected Products : fbx_software_development_kit
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2019-14909

    A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.... Read more

    Affected Products : keycloak single_sign-on
    • Published: Dec. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-19771

    The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.... Read more

    Affected Products : lodahs
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0653

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651.... Read more

    Affected Products : office_365_proplus
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-17102

    An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOC... Read more

    Affected Products : box_2_firmware box_2
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-3093

    ASUS RT-N56U devices allow CSRF.... Read more

    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-12180

    An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting lan... Read more

    Affected Products : soapui readyapi
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-3494

    A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code.... Read more

    Affected Products : umplayer
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-11689

    An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.... Read more

    Affected Products : exfat_driver
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-11012

    MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without ... Read more

    Affected Products : minio
    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4287

    IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnera... Read more

    Affected Products : windows i2_analysts_notebook
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4422

    IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to ... Read more

    Affected Products : windows i2_analysts_notebook
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4285

    IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnera... Read more

    Affected Products : windows i2_analysts_notebook
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-15046

    The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.... Read more

    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292796 Results