Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-3615

    Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Elec... Read more

    • Published: Jun. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0789

    Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. ... Read more

    Affected Products : phpmyfaq
    • Published: Feb. 12, 2023
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-25525

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2020-29061

    An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN... Read more

    • Published: Nov. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40212

    An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service.... Read more

    Affected Products : potplayer
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0256

    A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Use... Read more

    • Published: Jan. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3993

    Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. ... Read more

    Affected Products : kavita
    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26634

    SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these ... Read more

    Affected Products : linux_kernel maxboard
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-1320

    The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.... Read more

    Affected Products : metal_as_a_service
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-15371

    Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.... Read more

    Affected Products : fabric_operating_system
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7611

    All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.... Read more

    Affected Products : micronaut
    • Published: Mar. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7632

    node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.... Read more

    Affected Products : node-mpv
    • Published: Apr. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-8096

    Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.... Read more

    Affected Products : seq
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37595

    In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.... Read more

    Affected Products : windows freerdp freerdp
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38456

    A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords... Read more

    Affected Products : mxview
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-5777

    MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connect... Read more

    Affected Products : magmi
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-11548

    The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.... Read more

    Affected Products : search_meter
    • Published: Apr. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41170

    neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value... Read more

    Affected Products : neoan3-template
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43899

    Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability... Read more

    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-32311

    Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.... Read more

    • Published: Jul. 05, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293309 Results