Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2020-11066

    In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and r...

    Affected Products : typo3
    • EPSS Score: 0.53%
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0690

    An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

    • EPSS Score: 13.25%
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-9174

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.

    Affected Products : gitlab
    • EPSS Score: 0.36%
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-7968

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

    Affected Products : macos photoshop_cc windows
    • EPSS Score: 21.75%
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-7788

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful ex...

    • EPSS Score: 2.02%
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-7095

    Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

    Affected Products : windows digital_editions
    • EPSS Score: 8.15%
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-7085

    Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution...

    • EPSS Score: 18.82%
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-7052

    Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code ex...

    • EPSS Score: 7.62%
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-16460

    Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful expl...

    • EPSS Score: 2.62%
    • Published: Dec. 19, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-16057

    The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.

    Affected Products : dns-320_firmware dns-320
    • Actively Exploited
    • EPSS Score: 93.75%
    • Published: Sep. 16, 2019
    • Modified: Mar. 14, 2025
  • 10.0

    HIGH
    CVE-2019-15846

    Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

    Affected Products : debian_linux exim
    • EPSS Score: 63.29%
    • Published: Sep. 06, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-1580

    Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.

    Affected Products : pan-os
    • EPSS Score: 1.82%
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14931

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the...

    • EPSS Score: 59.40%
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14930

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised acces...

    • EPSS Score: 0.39%
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-10095

    Bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

    Affected Products : zeppelin
    • EPSS Score: 4.04%
    • Published: Sep. 02, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-8476

    A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows...

    • EPSS Score: 48.70%
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-4939

    Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.

    Affected Products : coldfusion
    • Actively Exploited
    • EPSS Score: 85.53%
    • Published: May. 19, 2018
    • Modified: Feb. 13, 2025
  • 10.0

    HIGH
    CVE-2018-4917

    Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the curr...

    • EPSS Score: 3.41%
    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14649

    It was found that the ceph-iscsi-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by the ceph-iscsi-cli package. This allows unauthentica...

    • EPSS Score: 58.11%
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12815

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user...

    • EPSS Score: 1.88%
    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291360 Results