Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2013-4334

    opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities... Read more

    Affected Products : opwebapiplugin
    • EPSS Score: %0.36
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17268

    The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected.... Read more

    Affected Products : omniauth-weibo-oauth2
    • EPSS Score: %0.65
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4335

    opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities... Read more

    Affected Products : opopensocialplugin
    • EPSS Score: %2.10
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-9530

    A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact.... Read more

    Affected Products : nw
    • EPSS Score: %0.43
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8796

    Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.... Read more

    Affected Products : secure_file_transfer
    • EPSS Score: %3.29
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2052

    Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.99
    • Published: Feb. 11, 2020
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2013-1607

    Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability... Read more

    Affected Products : pdfkit
    • EPSS Score: %1.26
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2057

    YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability... Read more

    Affected Products : yabb
    • EPSS Score: %2.02
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-9753

    confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter.... Read more

    Affected Products : atutor
    • EPSS Score: %1.68
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-1124

    SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.... Read more

    Affected Products : phxeventmanager
    • EPSS Score: %2.92
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7381

    libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.... Read more

    Affected Products : libnotify
    • EPSS Score: %2.01
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4906

    Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.... Read more

    Affected Products : tinybrowser
    • EPSS Score: %35.88
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7209

    LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.... Read more

    Affected Products : linuxki
    • EPSS Score: %93.39
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8803

    SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.... Read more

    Affected Products : suitecrm
    • EPSS Score: %0.96
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-1401

    Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.... Read more

    Affected Products : wordpress_poll
    • EPSS Score: %4.56
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-20046

    The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute... Read more

    • EPSS Score: %0.17
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8128

    An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.... Read more

    Affected Products : jsreport
    • EPSS Score: %0.37
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-3738

    A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.... Read more

    Affected Products : zabbix
    • EPSS Score: %2.86
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-6922

    Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative ... Read more

    Affected Products : virtual_system_administrator
    • EPSS Score: %76.72
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-1425

    JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities... Read more

    Affected Products : gecko_cms
    • EPSS Score: %0.41
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292247 Results