Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2019-19771

    The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets....

    Affected Products : lodahs
    • EPSS Score: %0.44
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2014-3701

    eDeploy has tmp file race condition flaws...

    Affected Products : jboss_enterprise_web_server edeploy
    • EPSS Score: %0.45
    • Published: Dec. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2019-8721

    Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege....

    Affected Products : xcode
    • EPSS Score: %0.60
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2019-19995

    A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user....

    Affected Products : iwr_3000n_firmware iwr_3000n
    • EPSS Score: %0.19
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2019-17147

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TC...

    Affected Products : tl-wr841n_firmware tl-wr841n
    • EPSS Score: %22.00
    • Published: Jan. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-0653

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651....

    Affected Products : office_365_proplus
    • EPSS Score: %33.47
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-2098

    A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows an attacker to execute arbitrary OS commands as the OS user account running Jenkins....

    Affected Products : sounds
    • EPSS Score: %0.17
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2019-17102

    An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOC...

    Affected Products : box_2_firmware box_2
    • EPSS Score: %0.34
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    • EPSS Score: %0.16
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2019-12180

    An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting lan...

    Affected Products : soapui readyapi
    • EPSS Score: %8.34
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2012-6297

    Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service....

    Affected Products : dd-wrt
    • EPSS Score: %0.65
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2013-3494

    A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries, which could let a malicious user execute arbitrary code....

    Affected Products : umplayer
    • EPSS Score: %0.21
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-7799

    A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file....

    Affected Products : software_update_utility
    • EPSS Score: %0.16
    • Published: Nov. 02, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2020-9265

    phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username....

    Affected Products : phpmychat-plus
    • EPSS Score: %1.00
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-0032

    In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.P...

    Affected Products : android
    • EPSS Score: %1.85
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2019-11689

    An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root....

    Affected Products : exfat_driver
    • EPSS Score: %2.41
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2020-11012

    MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without ...

    Affected Products : minio
    • EPSS Score: %0.08
    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-12608

    An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead t...

    • EPSS Score: %1.65
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-10971

    An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ...

    • EPSS Score: %0.48
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-4287

    IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnera...

    Affected Products : windows i2_analysts_notebook
    • EPSS Score: %1.32
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291601 Results