Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2019-15753

    In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibl...

    Affected Products : os-vif
    • Published: Aug. 28, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-11496

    In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by a...

    Affected Products : couchbase_server
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-6837

    A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus,...

    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-17512

    There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces....

    Affected Products : dir-412_firmware dir-412
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-19374

    An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where ...

    Affected Products : matrix
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-5090

    An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An atta...

    Affected Products : leadtools
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-7048

    The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-a...

    Affected Products : wp_database_reset
    • Published: Jan. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-15855

    An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent De...

    Affected Products : maarch_rm
    • Published: Jan. 17, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-16029

    A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of ser...

    Affected Products : smart_software_manager_on-prem
    • Published: Jan. 26, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2013-1350

    Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities...

    Affected Products : network_management_system
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-8990

    Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation....

    Affected Products : ibi my_cloud_home
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-9432

    openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values....

    Affected Products : lua-openssl
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-9751

    Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade....

    Affected Products : cloud_explorer
    • Published: Mar. 03, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-1912

    A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management ...

    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-6203

    SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are...

    Affected Products : netweaver
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-10083

    GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied....

    Affected Products : gitlab
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-10118

    cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)....

    Affected Products : cpanel
    • Published: Mar. 17, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-12124

    An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected....

    Affected Products : open_network_automation_platform
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-12131

    An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected....

    Affected Products : open_network_automation_platform
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-20596

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019)....

    Affected Products : android exynos
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024