Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2020-26829

    SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedica... Read more

    • EPSS Score: %2.14
    • Published: Dec. 09, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-25577

    In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before proces... Read more

    Affected Products : freebsd
    • EPSS Score: %0.58
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-25213

    The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attacker... Read more

    Affected Products : file_manager
    • Actively Exploited
    • EPSS Score: %94.42
    • Published: Sep. 09, 2020
    • Modified: Mar. 14, 2025

  • 10.0

    HIGH
    CVE-2019-1449

    A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SY... Read more

    Affected Products : office office_365_proplus
    • EPSS Score: %6.25
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-2040

    A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interf... Read more

    Affected Products : pan-os
    • EPSS Score: %2.91
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3122

    CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploit... Read more

    Affected Products : command_center_agent
    • EPSS Score: %12.95
    • Published: Feb. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-1615

    The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX i... Read more

    Affected Products : junos vmx
    • EPSS Score: %0.47
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15639

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of th... Read more

    Affected Products : qconvergeconsole
    • EPSS Score: %19.37
    • Published: Aug. 25, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-14859

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthentica... Read more

    Affected Products : weblogic_server
    • EPSS Score: %4.77
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-0721

    The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.... Read more

    Affected Products : unified_sip_phone_3905
    • EPSS Score: %1.14
    • Published: Feb. 22, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-13802

    Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.... Read more

    Affected Products : rebar3
    • EPSS Score: %1.61
    • Published: Sep. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-12271

    A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal ... Read more

    Affected Products : sfos xg_firewall
    • Actively Exploited
    • EPSS Score: %83.19
    • Published: Apr. 27, 2020
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2017-14375

    EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions... Read more

    • EPSS Score: %2.76
    • Published: Nov. 01, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-9505

    The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary... Read more

    Affected Products : print_management
    • EPSS Score: %2.02
    • Published: May. 08, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-8716

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges.... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %0.57
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-12635

    Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database,... Read more

    Affected Products : couchdb
    • EPSS Score: %94.18
    • Published: Nov. 14, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-12379

    ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is... Read more

    Affected Products : debian_linux clamav
    • EPSS Score: %22.23
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-12377

    ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is... Read more

    Affected Products : debian_linux clamav
    • EPSS Score: %27.08
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-8073

    ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.... Read more

    Affected Products : coldfusion
    • EPSS Score: %14.78
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-7839

    ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : coldfusion
    • EPSS Score: %34.88
    • Published: Jun. 12, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results