Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-9631

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution....

    Affected Products : magento
    • EPSS Score: %5.20
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9632

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution....

    Affected Products : magento
    • EPSS Score: %5.42
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15310

    An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 bu...

    Affected Products : linkplay
    • EPSS Score: %11.93
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15311

    An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server wa...

    Affected Products : linkplay
    • EPSS Score: %8.60
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-3297

    A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interf...

    • EPSS Score: %5.44
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-4074

    In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6....

    Affected Products : prestashop
    • EPSS Score: %0.43
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11956

    An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a least privilege violation....

    • EPSS Score: %0.35
    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8178

    Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks....

    Affected Products : jison
    • EPSS Score: %5.60
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-12441

    Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a specially crafted network packet....

    • EPSS Score: %8.68
    • Published: Aug. 06, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0253

    There is a possible memory corruption due to a use after free. Product: Android. Versions: Android SoC. Android ID: A-152647365...

    Affected Products : android
    • EPSS Score: %0.20
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-5415

    Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team...

    Affected Products : concourse
    • EPSS Score: %0.26
    • Published: Aug. 12, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-9446

    In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Pr...

    Affected Products : android
    • EPSS Score: %0.98
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-38527

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, ...

    • EPSS Score: %2.46
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15636

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vul...

    Affected Products : r6700_firmware r6700
    • EPSS Score: %41.30
    • Published: Aug. 20, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7376

    The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the mod...

    Affected Products : metasploit
    • EPSS Score: %0.33
    • Published: Aug. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-14510

    In GateManager versions prior to 9.2c, the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root....

    • EPSS Score: %0.48
    • Published: Aug. 25, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-14498

    HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. ...

    Affected Products : ecatcher
    • EPSS Score: %0.55
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-15164

    In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users ...

    Affected Products : scratch_login
    • EPSS Score: %0.26
    • Published: Aug. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24786

    An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number ...

    • EPSS Score: %6.78
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-1889

    A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process....

    Affected Products : whatsapp_desktop
    • EPSS Score: %1.04
    • Published: Sep. 03, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 290943 Results