Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2019-20596

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019).

    Affected Products : android exynos
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-20597

    An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. SPENgesture allows arbitrary applications to read or modify user-input logs. The Samsung ID is SVE-2019-14170 (June 2019).

    Affected Products : android
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-10788

    openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.

    Affected Products : openitcockpit
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-11894

    Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.

    Affected Products : libming
    • Published: Apr. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2018-21131

    Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-11015

    A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with sam...

    Affected Products : thinx-device-api
    • Published: Apr. 30, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-11006

    In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from the backend. This has been patched in version 2.11.0.

    Affected Products : shopizer
    • Published: May. 08, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-10612

    Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service incl...

    Affected Products : softpac_project
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-9753

    Whale Browser Installer versions before 1.2.0.5 don't support signature verification for the Flash installer.

    Affected Products : whale_browser_installer
    • Published: May. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-13485

    The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.

    Affected Products : knock_knock
    • Published: May. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-12883

    Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is par...

    Affected Products : mbed_os mbed
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-12013

    A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 V...

    • Published: Jul. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-4377

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 1791...

    Affected Products : cognos_analytics
    • Published: Aug. 03, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-9233

    FusionCompute 8.0.0 has an insufficient authentication vulnerability. An attacker may exploit the vulnerability to delete some files and cause some services to behave abnormally.

    Affected Products : fusioncompute
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-24052

    Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request.

    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-25054

    An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020).

    Affected Products : exynos
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-6874

    A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. Thi...

    Affected Products : zxiptv_firmware zxiptv
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-25256

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations.

    Affected Products : onbase
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-11169

    Buffer over-read while processing received L2CAP packet due to lack of integer overflow check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ...

    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-24407

    Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Dat...

    Affected Products : magento magento_commerce
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024