Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2020-3548

    A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resul... Read more

    • Published: Nov. 18, 2024
    • Modified: Jul. 31, 2025

  • 6.3

    MEDIUM
    CVE-2020-3539

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit ... Read more

    • Published: Nov. 18, 2024
    • Modified: Jul. 31, 2025

  • 8.1

    HIGH
    CVE-2020-3538

    A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path... Read more

    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 6.1

    MEDIUM
    CVE-2020-3532

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco U... Read more

    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 4.3

    MEDIUM
    CVE-2020-3525

    A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 6.1

    MEDIUM
    CVE-2020-3431

    A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripti... Read more

    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 5.4

    MEDIUM
    CVE-2020-3420

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cros... Read more

    Affected Products : unified_communications_manager
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 8.6

    HIGH
    CVE-2020-27124

    A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulne... Read more

    • Published: Nov. 18, 2024
    • Modified: Aug. 01, 2025

  • 7.8

    HIGH
    CVE-2020-26074

    A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path ... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 18, 2024
    • Modified: Aug. 04, 2025

  • 7.5

    HIGH
    CVE-2020-26073

    A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal charac... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 18, 2024
    • Modified: Aug. 04, 2025

  • 8.4

    HIGH
    CVE-2020-26071

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to ins... Read more

    • Published: Nov. 18, 2024
    • Modified: Aug. 04, 2025

  • 5.4

    MEDIUM
    CVE-2020-26063

    A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper ... Read more

    Affected Products : unified_computing_system
    • Published: Nov. 18, 2024
    • Modified: Nov. 18, 2024

  • 5.3

    MEDIUM
    CVE-2020-26062

    A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back f... Read more

    Affected Products : unified_computing_system
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 7.6

    HIGH
    CVE-2024-52436

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Post SMTP allows Blind SQL Injection.This issue affects Post SMTP: from n/a through 2.9.9.... Read more

    Affected Products : post_smtp
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 7.6

    HIGH
    CVE-2024-52435

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in W3 Eden, Inc. Premium Packages allows SQL Injection.This issue affects Premium Packages: from n/a through 5.9.3.... Read more

    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.1

    CRITICAL
    CVE-2024-52434

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through 1.10.29.... Read more

    Affected Products : popup
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-52433

    Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2.... Read more

    Affected Products : my_geo_posts_free
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-52432

    Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light allows Object Injection.This issue affects NIX Anti-Spam Light: from n/a through 0.0.4.... Read more

    Affected Products : nix_anti-spam_light
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-52431

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Import... Read more

    Affected Products : wordpress_video_robot
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-52430

    Deserialization of Untrusted Data vulnerability in Lis Lis Video Gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through 0.2.1.... Read more

    Affected Products : video_gallery
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024
Showing 20 of 291712 Results