Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2020-11176

    While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... Read more

    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11140

    Out of bound memory access during music playback with ALAC modified content due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, ... Read more

    Affected Products : apq8017 apq8037 apq8052 apq8053 apq8056 apq8062 apq8064au apq8076 apq8084 apq8096au +439 more products
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11116

    u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ... Read more

    • Published: Sep. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-4237

    Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by t... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-4221

    The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocat... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2020-11066

    In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and r... Read more

    Affected Products : typo3
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-1250

    Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors.... Read more

    Affected Products : winmail
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-10988

    A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Jul. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-10987

    The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.... Read more

    Affected Products : ac15_firmware ac15
    • Actively Exploited
    • Published: Jul. 13, 2020
    • Modified: Mar. 14, 2025

  • 10.0

    HIGH
    CVE-2020-10881

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hand... Read more

    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-1186

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.... Read more

    Affected Products : internet_explorer ie
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-4604

    Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable.... Read more

    Affected Products : mtink
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-4566

    Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.... Read more

    Affected Products : netvanta
    • Published: Dec. 29, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-10569

    SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostC... Read more

    Affected Products : on-premise
    • Published: Apr. 21, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-4414

    Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."... Read more

    Affected Products : teamwork
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-4338

    announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".... Read more

    Affected Products : academic_suite
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-4138

    PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.... Read more

    Affected Products : technote
    • Published: Sep. 24, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2020-10279

    MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access be... Read more

    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-10272

    MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of... Read more

    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-10245

    CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.... Read more

    • Published: Mar. 26, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292768 Results