Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2019-14132

    Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150...

    • EPSS Score: 0.33%
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0070

    In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for...

    Affected Products : android
    • EPSS Score: 2.28%
    • Published: Apr. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0071

    In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed...

    Affected Products : android
    • EPSS Score: 2.28%
    • Published: Apr. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0072

    In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for...

    Affected Products : android
    • EPSS Score: 2.28%
    • Published: Apr. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9279

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device....

    Affected Products : dsl-2640b_firmware dsl-2640b
    • EPSS Score: 2.22%
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-10569

    SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostC...

    Affected Products : on-premise
    • EPSS Score: 2.05%
    • Published: Apr. 21, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-12079

    Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging ...

    Affected Products : beaker
    • EPSS Score: 0.60%
    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-12746

    An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SV...

    Affected Products : android
    • EPSS Score: 0.29%
    • Published: May 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13022

    Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored wit...

    Affected Products : jetselect
    • EPSS Score: 0.19%
    • Published: May 14, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0103

    In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product...

    Affected Products : android
    • EPSS Score: 3.01%
    • Published: May 14, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-12828

    An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executin...

    • EPSS Score: 14.76%
    • Published: May 21, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-18666

    An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Vers...

    • EPSS Score: 3.52%
    • Published: May 15, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-9355

    In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. P...

    Affected Products : android
    • EPSS Score: 7.79%
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-12493

    An open port used for debugging in SWARCO's CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb opera...

    Affected Products : cpu_ls4000_firmware
    • EPSS Score: 0.30%
    • Published: May 29, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-8967

    There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information....

    Affected Products : erp
    • EPSS Score: 0.26%
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11975

    Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process....

    Affected Products : unomi
    • EPSS Score: 38.96%
    • Published: Jun. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-9412

    The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed ...

    • EPSS Score: 0.78%
    • Published: Jun. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-3928

    GeoVision Door Access Control device family is hardcoded with a root password, which adopts an identical password in all devices....

    • EPSS Score: 0.10%
    • Published: Jun. 12, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-13159

    Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818....

    Affected Products : artica_proxy
    • EPSS Score: 17.65%
    • Published: Jun. 22, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15348

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code....

    Affected Products : cloud_cnm_secumanager
    • EPSS Score: 1.24%
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024