Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2019-16451

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could le...

    • EPSS Score: 17.18%
    • Published: Dec. 19, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-16445

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use-after-free vulnerability. Successful exploitation could ...

    • EPSS Score: 4.82%
    • Published: Dec. 19, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-27780

    A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates.

    Affected Products: linux-pam
    • EPSS Score: 0.44%
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-7455

    Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.

    Affected Products: little_cms_color_engine
    • EPSS Score: 15.23%
    • Published: May. 07, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2020-26829

    SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedica...

    • EPSS Score: 2.14%
    • Published: Dec. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-25577

    In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before proces...

    Affected Products: freebsd
    • EPSS Score: 0.58%
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-25213

    The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attacker...

    Affected Products: file_manager
    • Actively Exploited
    • EPSS Score: 94.42%
    • Published: Sep. 09, 2020
    • Modified: Mar. 14, 2025
  • 10.0

    HIGH
    CVE-2019-1449

    A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SY...

    Affected Products: office office_365_proplus
    • EPSS Score: 6.25%
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-2040

    A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interf...

    Affected Products: pan-os
    • EPSS Score: 2.69%
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-3122

    CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploit...

    Affected Products: command_center_agent
    • EPSS Score: 12.95%
    • Published: Feb. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-1615

    The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX i...

    Affected Products: junos vmx
    • EPSS Score: 0.47%
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15639

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of th...

    Affected Products: qconvergeconsole
    • EPSS Score: 19.37%
    • Published: Aug. 25, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-14859

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthentica...

    Affected Products: weblogic_server
    • EPSS Score: 4.77%
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-0721

    The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.

    Affected Products: unified_sip_phone_3905
    • EPSS Score: 1.14%
    • Published: Feb. 22, 2014
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-13802

    Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.

    Affected Products: rebar3
    • EPSS Score: 1.61%
    • Published: Sep. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-12271

    A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal ...

    Affected Products: sfos xg_firewall
    • Actively Exploited
    • EPSS Score: 83.19%
    • Published: Apr. 27, 2020
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2017-14375

    EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions...

    • EPSS Score: 2.05%
    • Published: Nov. 01, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2019-9505

    The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary...

    Affected Products: print_management
    • EPSS Score: 2.02%
    • Published: May. 08, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-8716

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges.

    Affected Products: macos mac_os_x
    • EPSS Score: 0.57%
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-12635

    Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database,...

    Affected Products: couchdb
    • EPSS Score: 94.14%
    • Published: Nov. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291902 Results