Latest zero-days Total: 455, in 2020: Zero-days 20, candidates: 1

Stored cross-site scripting in Login/Signup Popup plugin for WordPress

The vulnerability exploitation was detected on May 14, 2020. The authenticated attackers can inject, via the AJAX API, JavaScript code into the plugin’s settings and use it to target the administrator in the backend of WordPress.

Remote code execution in Elementor Pro plugin for WordPress

The vulnerability exploitation was detected on May 06, 2020. The attackers can remotely execute arbitrary code.

SQL injection in Sophos XG Firewall/SFOS
CVE-2020-12271

Asnarök

The vulnerability exploitation was detected on April 22, 2020. Malware dubbed Asnarök used SQL injection vulnerability to compromise the affected devices and steal users' credentials.

Remote code execution in Apple iOS

Not patched

According to security researchers this vulnerability is being actively exploited since January 2018.