Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2020-11066

    In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and r...

    Affected Products : typo3
    • EPSS Score: 0.53%
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-1250

    Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors.

    Affected Products : winmail
    • EPSS Score: 0.38%
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2020-10988

    A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.

    Affected Products : ac15_firmware ac15
    • EPSS Score: 6.40%
    • Published: Jul. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-10987

    The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.

    Affected Products : ac15_firmware ac15
    • Actively Exploited
    • EPSS Score: 93.27%
    • Published: Jul. 13, 2020
    • Modified: Mar. 14, 2025
  • 10.0

    HIGH
    CVE-2020-10881

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hand...

    • EPSS Score: 31.60%
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-1186

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.

    Affected Products : internet_explorer ie
    • EPSS Score: 74.82%
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2005-4604

    Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable.

    Affected Products : mtink
    • EPSS Score: 0.92%
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2005-4566

    Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

    Affected Products : netvanta
    • EPSS Score: 1.00%
    • Published: Dec. 29, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2020-10569

    SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostC...

    Affected Products : on-premise
    • EPSS Score: 2.05%
    • Published: Apr. 21, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2005-4414

    Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."

    Affected Products : teamwork
    • EPSS Score: 0.39%
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2005-4338

    announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".

    Affected Products : academic_suite
    • EPSS Score: 1.17%
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2008-4138

    PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.

    Affected Products : technote
    • EPSS Score: 3.80%
    • Published: Sep. 24, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2020-10279

    MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access be...

    • EPSS Score: 0.29%
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-10272

    MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of...

    • EPSS Score: 0.47%
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-10245

    CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

    • EPSS Score: 0.82%
    • Published: Mar. 26, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-10207

    Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings.

    • EPSS Score: 3.96%
    • Published: Dec. 29, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-10210

    Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH.

    • EPSS Score: 0.46%
    • Published: Dec. 29, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-10189

    Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.

    Affected Products : manageengine_desktop_central
    • Actively Exploited
    • EPSS Score: 94.25%
    • Published: Mar. 06, 2020
    • Modified: Mar. 14, 2025
  • 10.0

    HIGH
    CVE-2008-4592

    Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.

    Affected Products : sports_clubs_web_portal
    • EPSS Score: 2.77%
    • Published: Oct. 16, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2005-4007

    Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/a...

    Affected Products : sapid_cms
    • EPSS Score: 0.39%
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292425 Results