Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2020-9279

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device.... Read more

    Affected Products : dsl-2640b_firmware dsl-2640b
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-12079

    Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging ... Read more

    Affected Products : beaker
    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-12746

    An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SV... Read more

    Affected Products : android
    • Published: May. 11, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-12828

    An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executin... Read more

    • Published: May. 21, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-9412

    The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed ... Read more

    • Published: Jun. 09, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-3928

    GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.... Read more

    • Published: Jun. 12, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15348

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.... Read more

    Affected Products : cloud_cnm_secumanager
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-9631

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : magento
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-9632

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : magento
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-15311

    An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server wa... Read more

    Affected Products : linkplay
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-3297

    A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interf... Read more

    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-4074

    In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.... Read more

    Affected Products : prestashop
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11956

    An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a least privilege violation.... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-0253

    There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365... Read more

    Affected Products : android
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-5415

    Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team... Read more

    Affected Products : concourse
    • Published: Aug. 12, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-9446

    In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Pr... Read more

    Affected Products : android
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38527

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, ... Read more

    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15636

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vul... Read more

    Affected Products : r6700_firmware r6700
    • Published: Aug. 20, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-14510

    GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.... Read more

    • Published: Aug. 25, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-15164

    in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users ... Read more

    Affected Products : scratch_login
    • Published: Aug. 28, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293970 Results