Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.7 MEDIUM
CVE-2020-37165 — AbsoluteTelnet 11.12 - "license name" Denial of Service

AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character pa…

absolutetelnet | Denial of Service
Feb 07, 2026 Feb 19, 2026
Feb 07, 2026
Feb 19, 2026
6.7 MEDIUM
CVE-2020-37164 — AbsoluteTelnet 11.12 - "license entry" Denial of Service

AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character pa…

absolutetelnet | Denial of Service
Feb 07, 2026 Feb 19, 2026
Feb 07, 2026
Feb 19, 2026
8.8 HIGH
CVE-2020-37163 — QuickDate 1.3.2 - SQL Injection

QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject …

Remote | Injection
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
9.8 CRITICAL
CVE-2020-37162 — Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malic…

wedding_slideshow_studio | Remote | Memory Corruption
Feb 07, 2026 Feb 24, 2026
Feb 07, 2026
Feb 24, 2026
9.8 CRITICAL
CVE-2020-37161 — Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can…

wedding_slideshow_studio | Remote | Memory Corruption
Feb 07, 2026 Feb 24, 2026
Feb 07, 2026
Feb 24, 2026
8.5 HIGH
CVE-2020-37160 — SprintWork 2.3.1 - Local Privilege Escalation

SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing e…

| Authorization
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
9.8 CRITICAL
CVE-2020-37159 — Cuckoo Clock 5.0 - Buffer Overflow

Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can cra…

Remote | Memory Corruption
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
8.7 HIGH
CVE-2020-37157 — DBPower C300 HD Camera - Remote Configuration Disclosure

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. …

Remote | Information Disclosure
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
7.5 HIGH
CVE-2020-37155 — Core FTP Lite 1.3 - Denial of Service (PoC)

Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte …

Remote | Memory Corruption
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
7.1 HIGH
CVE-2020-37154 — eLection 2.0 - 'id' SQL Injection

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can …

Remote | Injection
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
7.1 HIGH
CVE-2020-37147 — ATutor 2.2.4 - 'id' SQL Injection

ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploi…

atutor | Remote | Injection
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
8.7 HIGH
CVE-2020-37146 — Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's c…

Remote | Information Disclosure
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
8.8 HIGH
CVE-2020-37141 — AMSS++ v 4.31 - 'id' SQL Injection

AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/mai…

Remote | Injection
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
9.3 CRITICAL
CVE-2020-37135 — AMSS++ 4.7 - Backdoor Admin Account

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username an…

amss\+\+ | Remote | Authentication
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
7.5 HIGH
CVE-2020-37122 — SpotFTP-FTP Password Recover 2.4.8 - Denial of Service

SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file wi…

Remote | Denial of Service
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
7.5 HIGH
CVE-2020-37109 — aSc TimeTables 2020.11.4 - Denial of Service

aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a…

Remote | Denial of Service
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
7.5 HIGH
CVE-2020-37107 — Core FTP LE 2.2 - Denial of Service

Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 2…

core_ftp_le | Remote | Denial of Service
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
5.3 MEDIUM
CVE-2020-37106 — Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)

Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML for…

Remote | Cross-Site Request Forgery
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
9.8 CRITICAL
CVE-2020-37095 — Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attack…

cyberoamos | Remote | Memory Corruption
Feb 07, 2026 Feb 09, 2026
Feb 07, 2026
Feb 09, 2026
5.1 MEDIUM
CVE-2020-37079 — Wing FTP Server < 6.2.7 - Cross-site Request Forgery

Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft …

wing_ftp_server | Remote | Cross-Site Request Forgery
Feb 07, 2026 Feb 18, 2026
Feb 07, 2026
Feb 18, 2026
Showing 20 of 5125 Results