Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.1 MEDIUM
CVE-2025-68643 — Axigen Mail Server Cross-Site Scripting (XSS)

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack…

axigen_mail_server | Remote | Cross-Site Scripting
Feb 05, 2026 Feb 11, 2026
Feb 05, 2026
Feb 11, 2026
6.1 MEDIUM
CVE-2020-37152 — PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the brow…

phpfusion php-fusion | Remote | Cross-Site Scripting
Feb 05, 2026 Feb 09, 2026
Feb 05, 2026
Feb 09, 2026
8.7 HIGH
CVE-2020-37150 — Edimax Technology EW-7438RPn-v3 Mini 1.27 - Unauthorized Access: Wi-Fi Password Disclosure

Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wire…

ew-7438rpn_mini_firmware ew-7438rpn_mini | Remote | Information Disclosure
Feb 05, 2026 Feb 18, 2026
Feb 05, 2026
Feb 18, 2026
8.8 HIGH
CVE-2020-37149 — Edimax Technology EW-7438RPn-v3 Mini 1.27 - Cross-Site Request Forgery (CSRF) to Command …

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the…

ew-7438rpn_mini_firmware ew-7438rpn_mini | Remote | Cross-Site Request Forgery
Feb 05, 2026 Feb 18, 2026
Feb 05, 2026
Feb 18, 2026
5.1 MEDIUM
CVE-2020-37148 — P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)

P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned…

Remote | Cross-Site Scripting
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
5.1 MEDIUM
CVE-2020-37145 — HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious…

hrsale | Remote | Cross-Site Request Forgery
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
5.3 MEDIUM
CVE-2020-37144 — Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)

Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submi…

sysguard_3001_firmware | Remote | Cross-Site Request Forgery
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
7.5 HIGH
CVE-2020-37143 — ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password…

Remote | Denial of Service
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
8.4 HIGH
CVE-2020-37142 — 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)

10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers c…

network_inventory_explorer | Memory Corruption
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
5.5 MEDIUM
CVE-2020-37140 — Everest 5.50.2100 - 'Open File' Denial of Service

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can …

everest | Denial of Service
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
8.4 HIGH
CVE-2020-37139 — Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer o…

| Denial of Service
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
9.8 CRITICAL
CVE-2020-37138 — 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)

10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malic…

network_inventory_explorer | Remote | Memory Corruption
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
9.8 CRITICAL
CVE-2020-37137 — PHP-Fusion 9.03.50 - 'panels.php' Eval Injection

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST d…

phpfusion | Remote | Injection
Feb 05, 2026 Feb 09, 2026
Feb 05, 2026
Feb 09, 2026
7.5 HIGH
CVE-2020-37136 — ZOC Terminal v7.25.5 - 'Private key file' Denial of Service

ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input w…

Remote | Denial of Service
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
7.5 HIGH
CVE-2020-37134 — UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service

UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload…

vnc_viewer | Remote | Denial of Service
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
7.5 HIGH
CVE-2020-37133 — UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string…

ultravnc | Remote | Denial of Service
Feb 05, 2026 Feb 09, 2026
Feb 05, 2026
Feb 09, 2026
6.7 MEDIUM
CVE-2020-37132 — UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long …

ultravnc | Denial of Service
Feb 05, 2026 Feb 09, 2026
Feb 05, 2026
Feb 09, 2026
6.7 MEDIUM
CVE-2020-37131 — Product Key Explorer 4.2.2.0 - 'Key' Denial of Service

Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can…

product_key_explorer | Denial of Service
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
7.5 HIGH
CVE-2020-37130 — Nsauditor 3.2.0.0 - 'Name' Denial of Service

Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 byte…

nsauditor | Remote | Denial of Service
Feb 05, 2026 Feb 09, 2026
Feb 05, 2026
Feb 09, 2026
9.8 CRITICAL
CVE-2020-37129 — Memu Play 7.1.3 - Insecure Folder Permissions

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a ma…

memu | Remote | Misconfiguration
Feb 05, 2026 Feb 05, 2026
Feb 05, 2026
Feb 05, 2026
Showing 20 of 5134 Results