Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2012-6297

    Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service.... Read more

    Affected Products : dd-wrt
    • EPSS Score: %0.65
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-3494

    A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code.... Read more

    Affected Products : umplayer
    • EPSS Score: %0.21
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-7799

    A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.... Read more

    Affected Products : software_update_utility
    • EPSS Score: %0.16
    • Published: Nov. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-9265

    phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.... Read more

    Affected Products : phpmychat-plus
    • EPSS Score: %1.00
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0032

    In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.P... Read more

    Affected Products : android
    • EPSS Score: %1.85
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-11689

    An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.... Read more

    Affected Products : exfat_driver
    • EPSS Score: %2.41
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-11012

    MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without ... Read more

    Affected Products : minio
    • EPSS Score: %0.08
    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-12608

    An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead t... Read more

    • EPSS Score: %1.65
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-10971

    An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ... Read more

    • EPSS Score: %0.48
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4287

    IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnera... Read more

    Affected Products : windows i2_analysts_notebook
    • EPSS Score: %1.32
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4422

    IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to ... Read more

    Affected Products : windows i2_analysts_notebook
    • EPSS Score: %0.96
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4285

    IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnera... Read more

    Affected Products : windows i2_analysts_notebook
    • EPSS Score: %1.32
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-15046

    The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.... Read more

    • EPSS Score: %0.56
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-9589

    Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    • EPSS Score: %4.29
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-15312

    An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issue... Read more

    Affected Products : linkplay
    • EPSS Score: %0.61
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4305

    IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could ... Read more

    • EPSS Score: %1.39
    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0245

    In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for explo... Read more

    Affected Products : android
    • EPSS Score: %4.10
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0416

    In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitat... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Oct. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4302

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arb... Read more

    Affected Products : cognos_analytics
    • EPSS Score: %1.37
    • Published: Oct. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4451

    This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation.... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %0.34
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291780 Results