Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2020-36155

    An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defin...

    Affected Products : ultimate_member
    • EPSS Score: 1.07%
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-36157

    An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attac...

    Affected Products : ultimate_member
    • EPSS Score: 1.52%
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-29491

    Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to th...

    • EPSS Score: 0.90%
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-29492

    Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target spec...

    • EPSS Score: 0.86%
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-36178

    oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). N...

    Affected Products : tl-wr840n_firmware tl-wr840n
    • EPSS Score: 13.61%
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-26712

    REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL in...

    Affected Products : redcap
    • EPSS Score: 0.70%
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-5685

    UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL....

    • EPSS Score: 0.61%
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-20617

    Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive in...

    Affected Products : acmailer acmailer_db
    • EPSS Score: 2.96%
    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-29493

    DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the applicati...

    • EPSS Score: 5.80%
    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-0002

    A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array....

    Affected Products : purity\/\/fa
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024
  • 10.0

    CRITICAL
    CVE-2024-43693

    A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands....

    • Published: Sep. 25, 2024
    • Modified: Oct. 01, 2024
  • 10.0

    CRITICAL
    CVE-2024-42017

    An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system priv...

    • Published: Sep. 30, 2024
    • Modified: Oct. 29, 2024
  • 10.0

    CRITICAL
    CVE-2024-49216

    Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments Number allows Upload a Web Shell to a Web Server. This issue affects Feed Comments Number: from n/a through 0.2.1....

    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 10.0

    CRITICAL
    CVE-2024-49314

    Unrestricted Upload of File with Dangerous Type vulnerability in 酱茄 JiangQie Free Mini Program allows Upload a Web Shell to a Web Server. This issue affects JiangQie Free Mini Program: from n/a through 2.5.2....

    • Published: Oct. 17, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-49607

    Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server. This issue affects WP Dropbox Dropins: from n/a through 1.0....

    Affected Products : wp_dropbox_dropins
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024
  • 10.0

    CRITICAL
    CVE-2024-49610

    Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server. This issue affects photokit: from n/a through 1.0....

    Affected Products : photokit
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024
  • 10.0

    CRITICAL
    CVE-2024-47901

    A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of a...

    • Published: Oct. 23, 2024
    • Modified: Oct. 30, 2024
  • 10.0

    CRITICAL
    CVE-2024-50498

    Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection. This issue affects WP Query Console: from n/a through 1.0....

    Affected Products : wp_query_console
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
  • 10.0

    CRITICAL
    CVE-2024-50496

    Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 6.2....

    Affected Products : ar
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024
  • 10.0

    CRITICAL
    CVE-2024-8923

    ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to h...

    Affected Products : servicenow
    • Published: Oct. 29, 2024
    • Modified: Nov. 27, 2024
Showing 20 of 290954 Results