Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2020-15606

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. The is... Read more

    Affected Products : webpanel
    • EPSS Score: %1.98
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-14482

    AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers' installations when no other SSL certificate is installed, which allows remote att... Read more

    Affected Products : netcrunch
    • EPSS Score: %2.18
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-35190

    The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve r... Read more

    Affected Products : plone
    • EPSS Score: %2.01
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-35191

    The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root a... Read more

    Affected Products : drupal_docker_images
    • EPSS Score: %20.36
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-35196

    The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker... Read more

    Affected Products : rabbitmq_docker_image
    • EPSS Score: %2.01
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-35197

    The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root... Read more

    Affected Products : memcached_docker_image
    • EPSS Score: %2.01
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-35489

    The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.... Read more

    Affected Products : contact_form_7
    • EPSS Score: %90.11
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-26276

    Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified logins f... Read more

    Affected Products : fleet
    • EPSS Score: %0.98
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-12519

    On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.... Read more

    • EPSS Score: %0.15
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15611

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When pa... Read more

    Affected Products : webpanel
    • EPSS Score: %2.07
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-25066

    A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.... Read more

    Affected Products : tcp\/ip
    • EPSS Score: %3.74
    • Published: Dec. 22, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-29552

    An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root.... Read more

    Affected Products : urve
    • EPSS Score: %8.78
    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-28188

    Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.... Read more

    Affected Products : tos tos
    • EPSS Score: %93.44
    • Published: Dec. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-26282

    BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A ... Read more

    Affected Products : browserup_proxy
    • EPSS Score: %2.40
    • Published: Dec. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-35713

    Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.... Read more

    Affected Products : re6500_firmware re6500
    • EPSS Score: %91.81
    • Published: Dec. 26, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15613

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When p... Read more

    Affected Products : webpanel
    • EPSS Score: %2.07
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-10207

    Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings.... Read more

    • EPSS Score: %3.96
    • Published: Dec. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-10210

    Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH.... Read more

    • EPSS Score: %0.46
    • Published: Dec. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15615

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The i... Read more

    Affected Products : webpanel
    • EPSS Score: %1.98
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-35895

    An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion.... Read more

    Affected Products : stack
    • EPSS Score: %0.60
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 290954 Results