Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-0479

    The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perfor... Read more

    Affected Products : popup_builder
    • EPSS Score: %76.37
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7471

    An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, ... Read more

    • EPSS Score: %35.76
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29656

    Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked.... Read more

    Affected Products : infinity_connect
    • EPSS Score: %0.22
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-30132

    Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.... Read more

    Affected Products : cloudera_manager
    • EPSS Score: %0.53
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18784

    SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.... Read more

    Affected Products : suitecrm
    • EPSS Score: %0.34
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23820

    This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.... Read more

    Affected Products : jsonpointer json-pointer
    • EPSS Score: %0.20
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24222

    The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, ... Read more

    Affected Products : wp-curriculo_vitae_free
    • EPSS Score: %5.24
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-3934

    An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network tr... Read more

    • EPSS Score: %0.22
    • Published: Nov. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1505

    The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthentica... Read more

    Affected Products : rsvpmaker
    • EPSS Score: %3.43
    • Published: May. 10, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-11172

    u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980... Read more

    • EPSS Score: %0.31
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-17082

    Raw Image Extension Remote Code Execution Vulnerability... Read more

    Affected Products : raw_image_extension
    • EPSS Score: %7.33
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25831

    A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string h... Read more

    Affected Products : document_server
    • EPSS Score: %3.62
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25832

    A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer.... Read more

    Affected Products : document_server
    • EPSS Score: %8.29
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25949

    Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : set-getter
    • EPSS Score: %0.85
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3199

    Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.... Read more

    Affected Products : document_server
    • EPSS Score: %6.76
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26918

    The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows doub... Read more

    Affected Products : bot
    • EPSS Score: %0.78
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-20861

    Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnera... Read more

    Affected Products : nexus_dashboard
    • EPSS Score: %0.38
    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26987

    Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in fo... Read more

    • EPSS Score: %1.87
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27007

    NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session.... Read more

    Affected Products : virtual_desktop_service
    • EPSS Score: %0.71
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33816

    The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.... Read more

    Affected Products : dolibarr_erp\/crm
    • EPSS Score: %2.57
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292762 Results