Latest CVE Feed
- 9.9 CRITICAL CVE-2017-9383
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget"...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2019-11208
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potentia...
Affected Products: api_exchange_gateway
- Published: Aug. 08, 2019
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2019-15954
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be...
Affected Products: total.js_cms
- Published: Sep. 05, 2019
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection....
Affected Products: kubernetes_pipeline
- Published: Sep. 25, 2019
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2019-10759
safer-eval before 1.3.4 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code....
Affected Products: safer-eval
- Published: Oct. 15, 2019
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2019-10458
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code....
Affected Products: puppet_enterprise_pipeline
- Published: Oct. 16, 2019
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2019-16872
Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4)....
Affected Products: portainer
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2019-10940
A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on co...
Affected Products: sinema_server
- Published: Jan. 16, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-6965
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 ...
Affected Products: apexpro_telemetry_server_firmware carescape_central_station_mai700_firmware carescape_central_station_mas700_firmware clinical_information_center_mp100d_firmware clinical_information_center_mp100r_firmware carescape_telemetry_server_mp100r_firmware carescape_b450_monitor_firmware carescape_b650_monitor_firmware carescape_b850_monitor_firmware apexpro_telemetry_server +8 more products
- Published: Jan. 24, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-9408
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not ...
- Published: Mar. 11, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-7055
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive....
- Published: Apr. 22, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-9045
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after...
- Published: May. 21, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-8180
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator....
Affected Products: talk
- Published: Jun. 08, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-7357
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in syste...
Affected Products: cms-se_firmware cms-se-lxc_firmware cms-60_firmware cms-40_firmware cms-20_firmware cms cms-se cms-se-lxc cms-60 cms-40 +1 more products
- Published: Aug. 06, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-6142
A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability....
Affected Products: opensis
- Published: Sep. 01, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Je...
Affected Products: script_security
- Published: Sep. 23, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2019-18342
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with C...
Affected Products: control_center_server
- Published: Dec. 12, 2019
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-10208
Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges....
Affected Products: ak45x_firmware ak5xx_firmware ak65x_firmware aria6xx_firmware aria7xx_firmware kami7b_firmware ak45x ak5xx ak65x aria6xx +2 more products
- Published: Dec. 30, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-35951
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress ...
- Published: Jan. 01, 2021
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-36156
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any ...
Affected Products: ultimate_member
- Published: Jan. 04, 2021
- Modified: Nov. 21, 2024