Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2020-0245

    In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for explo... Read more

    Affected Products : android
    • EPSS Score: %4.10
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0416

    In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitat... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Oct. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4302

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arb... Read more

    Affected Products : cognos_analytics
    • EPSS Score: %1.37
    • Published: Oct. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4451

    This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation.... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %0.34
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-8776

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %0.33
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-3863

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system p... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %0.33
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-16256

    The API on Winston 1.5.4 devices is vulnerable to CSRF.... Read more

    Affected Products : winston_firmware winston
    • EPSS Score: %0.15
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-26507

    A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main scre... Read more

    Affected Products : marmind
    • EPSS Score: %0.38
    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0451

    In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for e... Read more

    Affected Products : android
    • EPSS Score: %2.86
    • Published: Nov. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-13542

    A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get ... Read more

    Affected Products : logicaldoc
    • EPSS Score: %0.04
    • Published: Dec. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-10013

    A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : mac_os_x iphone_os tvos ipados
    • EPSS Score: %0.25
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-9981

    A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierr... Read more

    • EPSS Score: %0.40
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0458

    In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction i... Read more

    Affected Products : android
    • EPSS Score: %0.35
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-13535

    A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges.... Read more

    Affected Products : linkmaster
    • EPSS Score: %0.06
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-25106

    Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename.... Read more

    Affected Products : supremo
    • EPSS Score: %0.49
    • Published: Dec. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-35370

    A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to... Read more

    Affected Products : raysync
    • EPSS Score: %5.53
    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-3880

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing ... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • EPSS Score: %0.24
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-10209

    Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with ... Read more

    • EPSS Score: %3.13
    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-27252

    Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute... Read more

    • EPSS Score: %0.34
    • Published: Dec. 14, 2020
    • Modified: May. 22, 2025

  • 9.3

    CRITICAL
    CVE-2020-36160

    An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windo... Read more

    Affected Products : windows system_recovery
    • EPSS Score: %0.05
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291878 Results