Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-3561

    Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below).... Read more

    Affected Products : hhvm
    • Published: Apr. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15019

    A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector.... Read more

    Affected Products : inspector
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22873

    Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.... Read more

    Affected Products : jsish
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15320

    The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.... Read more

    Affected Products : optiontree
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-23583

    OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAN... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2020-23711

    SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.... Read more

    Affected Products : navigate_cms
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-23833

    Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request.... Read more

    Affected Products : house_rental
    • Published: Sep. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15494

    openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.... Read more

    Affected Products : openitcockpit
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15937

    Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.... Read more

    Affected Products : barebox
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16060

    The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).... Read more

    Affected Products : airbrake_ruby
    • Published: Sep. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16142

    An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application.... Read more

    Affected Products : renderdocs-rs renderdoc
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25058

    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020).... Read more

    Affected Products : android
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25132

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type... Read more

    Affected Products : observium
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25159

    499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.... Read more

    • Published: Nov. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16257

    Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructio... Read more

    Affected Products : motorola_firmware motorola
    • Published: Sep. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25215

    yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document.... Read more

    Affected Products : yed
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25258

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execu... Read more

    Affected Products : onbase
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25462

    Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903.... Read more

    Affected Products : moddable
    • Published: Dec. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16644

    App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.... Read more

    Affected Products : tuzicms
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20160

    A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the a... Read more

    Affected Products : express-param
    • Published: Dec. 31, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294270 Results