Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2020-26255

    Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might h... Read more

    Affected Products : panel kirby
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-26838

    SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code ... Read more

    Affected Products : business_warehouse bw\/4hana
    • Published: Dec. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-17467

    An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lea... Read more

    Affected Products : fnet
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-24341

    An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data s... Read more

    Affected Products : picotcp picotcp-ng
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-35883

    An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.... Read more

    Affected Products : mozwire
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-4899

    IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.... Read more

    Affected Products : api_connect
    • Published: Jan. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-9145

    There is an Out-of-bounds Write vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability may cause out-of-bounds access to the physical memory.... Read more

    Affected Products : emui magic_ui
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-9139

    There is a improper input validation vulnerability in some Huawei Smartphone.Successful exploit of this vulnerability can cause memory access errors and denial of service.... Read more

    Affected Products : emui magic_ui
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2024-0004

    A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.... Read more

    Affected Products : purity\/\/fa
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024

  • 9.1

    CRITICAL
    CVE-2024-35293

    An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.... Read more

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 9.1

    CRITICAL
    CVE-2024-7474

    In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the ... Read more

    Affected Products : lunary
    • Published: Oct. 29, 2024
    • Modified: Jan. 09, 2025

  • 9.1

    CRITICAL
    CVE-2024-8512

    The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This is due to the plugin passing user supplied input to eval(... Read more

    Affected Products : w3speedster
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 9.1

    CRITICAL
    CVE-2024-10654

    A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to a... Read more

    Affected Products : lr350_firmware
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 9.1

    CRITICAL
    CVE-2024-46962

    The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 9.1

    CRITICAL
    CVE-2023-52268

    The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024

  • 9.1

    CRITICAL
    CVE-2024-52398

    Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.1

    CRITICAL
    CVE-2024-33610

    "sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the det... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 9.1

    CRITICAL
    CVE-2024-11992

    Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the s... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 9.1

    CRITICAL
    CVE-2024-38920

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter`/amcl m... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 06, 2024

  • 9.1

    CRITICAL
    CVE-2024-53810

    Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5.... Read more

    Affected Products : simple_user_registration
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
Showing 20 of 294860 Results