Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-14418

    In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.... Read more

    Affected Products : msvod_cms
    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6330

    A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.... Read more

    Affected Products : access_control
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6548

    GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.... Read more

    Affected Products : ge_communicator
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-12011

    A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC W... Read more

    • Published: Jul. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6714

    An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local fil... Read more

    Affected Products : blogengine.net
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13420

    OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.... Read more

    Affected Products : openiam
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8293

    Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.... Read more

    Affected Products : upload-image-with-ajax
    • Published: Dec. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8387

    MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.... Read more

    • Published: May. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13484

    Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.... Read more

    Affected Products : bitrix24
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7606

    docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without an... Read more

    Affected Products : docker-compose-remote-api
    • Published: Mar. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7624

    effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument.... Read more

    Affected Products : effect
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7629

    install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.... Read more

    Affected Products : install-package
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7634

    heroku-addonpool through 0.1.15 is vulnerable to Command Injection.... Read more

    Affected Products : heroku-addonpool
    • Published: Apr. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8849

    The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code.... Read more

    Affected Products : swiftnio_ssl
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7675

    cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `color` argument executed by the `eval` function resulting in code execution.... Read more

    Affected Products : cd-messenger
    • Published: Jun. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7812

    Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution b... Read more

    Affected Products : windows ezhttptrans
    • Published: May. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7814

    RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download & execution vuln... Read more

    Affected Products : windows raon_k_upload raon_kupload
    • Published: Jul. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14172

    This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions ... Read more

    • Published: Jul. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9195

    util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive.... Read more

    Affected Products : grin
    • Published: Feb. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8158

    Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.... Read more

    Affected Products : typeorm
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293946 Results