Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-12119

    An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager... Read more

    Affected Products : open_network_automation_platform
    • EPSS Score: %1.15
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12120

    An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (... Read more

    Affected Products : open_network_automation_platform
    • EPSS Score: %1.15
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12132

    An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.... Read more

    Affected Products : open_network_automation_platform
    • EPSS Score: %1.67
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12125

    In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (... Read more

    Affected Products : open_network_automation_platform
    • EPSS Score: %0.34
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12126

    In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM... Read more

    Affected Products : open_network_automation_platform
    • EPSS Score: %0.34
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12127

    In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM)... Read more

    Affected Products : open_network_automation_platform
    • EPSS Score: %0.34
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16382

    An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is ... Read more

    Affected Products : workspace_control
    • EPSS Score: %15.59
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12498

    The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.... Read more

    Affected Products : live_chat wp_live_chat_support
    • EPSS Score: %0.84
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8135

    The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.... Read more

    Affected Products : uppy
    • EPSS Score: %0.51
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-11574

    An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.... Read more

    Affected Products : simple_machine_forum
    • EPSS Score: %0.66
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12767

    An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands.... Read more

    Affected Products : dap-1650_firmware dap-1650
    • EPSS Score: %0.94
    • Published: Mar. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-20627

    AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE.... Read more

    Affected Products : autoupdater.net
    • EPSS Score: %0.45
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-20530

    An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), P(9.0), and Q(10.0) software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 (December 2019).... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-20536

    An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019).... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-3663

    Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating o... Read more

    Affected Products : advanced_threat_defense
    • EPSS Score: %0.44
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18934

    An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be execute... Read more

    Affected Products : popojicms
    • EPSS Score: %0.13
    • Published: Nov. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10849

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-1457... Read more

    • EPSS Score: %0.12
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-20553

    An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. Arbitrary memory read and write operations can occur in RKP. The Samsung ID is SVE-2019-15143 (October... Read more

    • EPSS Score: %0.15
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-20556

    An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-... Read more

    • EPSS Score: %0.15
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-20561

    An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October 2019).... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291878 Results