Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2020-25792

    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().... Read more

    Affected Products : sized-chunks
    • EPSS Score: %0.31
    • Published: Sep. 19, 2020
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-25020

    MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.... Read more

    Affected Products : primavera_unifier mpxj comos
    • EPSS Score: %2.00
    • Published: Aug. 29, 2020
    • Modified: May. 05, 2025

  • 7.4

    HIGH
    CVE-2020-13817

    ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 ... Read more

    • EPSS Score: %0.38
    • Published: Jun. 04, 2020
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2020-13162

    A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with eleva... Read more

    • EPSS Score: %0.35
    • Published: Jun. 16, 2020
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2020-11868

    ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid ori... Read more

    • EPSS Score: %0.60
    • Published: Apr. 17, 2020
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-10828

    A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.... Read more

    • EPSS Score: %22.82
    • Published: Mar. 26, 2020
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-10827

    A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.... Read more

    • EPSS Score: %22.82
    • Published: Mar. 26, 2020
    • Modified: May. 05, 2025

  • 10.0

    HIGH
    CVE-2020-10826

    /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.... Read more

    • EPSS Score: %61.53
    • Published: Mar. 26, 2020
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-10825

    A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).... Read more

    • EPSS Score: %5.52
    • Published: Mar. 26, 2020
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2024-35386

    An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file.... Read more

    Affected Products : mjs
    • Published: May. 21, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-10824

    A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).... Read more

    • EPSS Score: %5.52
    • Published: Mar. 26, 2020
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-10823

    A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).... Read more

    • EPSS Score: %5.52
    • Published: Mar. 26, 2020
    • Modified: May. 05, 2025

  • 10.0

    HIGH
    CVE-2019-8246

    Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .... Read more

    Affected Products : macos media_encoder windows
    • EPSS Score: %8.44
    • Published: Nov. 14, 2019
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2019-8244

    Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.... Read more

    Affected Products : macos media_encoder windows
    • EPSS Score: %1.58
    • Published: Nov. 14, 2019
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2019-8243

    Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.... Read more

    Affected Products : macos media_encoder windows
    • EPSS Score: %1.58
    • Published: Nov. 14, 2019
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2019-8242

    Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.... Read more

    Affected Products : macos media_encoder windows
    • EPSS Score: %1.74
    • Published: Nov. 14, 2019
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2019-8241

    Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.... Read more

    Affected Products : macos media_encoder windows
    • EPSS Score: %1.58
    • Published: Nov. 14, 2019
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2024-34244

    libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintend... Read more

    Affected Products : libmodbus
    • Published: May. 08, 2024
    • Modified: May. 05, 2025

  • 8.1

    HIGH
    CVE-2024-2441

    The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine &... Read more

    • Published: May. 14, 2024
    • Modified: May. 05, 2025

  • 5.9

    MEDIUM
    CVE-2024-2749

    The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such ... Read more

    • Published: May. 14, 2024
    • Modified: May. 05, 2025
Showing 20 of 291222 Results