Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-28134

    Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.... Read more

    Affected Products : clipper
    • EPSS Score: %8.18
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29114

    A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.... Read more

    Affected Products : arcgis_server
    • EPSS Score: %0.43
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29200

    Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack... Read more

    Affected Products : ofbiz
    • EPSS Score: %92.95
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29377

    Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.... Read more

    Affected Products : pearadmin_think
    • EPSS Score: %0.85
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-2254

    Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearable... Read more

    • EPSS Score: %0.29
    • Published: Jul. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29655

    Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute.... Read more

    Affected Products : infinity_connect
    • EPSS Score: %0.19
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-2322

    Buffer overflow can occur when playing specific clip which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Sn... Read more

    • EPSS Score: %0.36
    • Published: Jul. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3007

    Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Str... Read more

    Affected Products : laminas-http zend_framework
    • EPSS Score: %79.53
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-30167

    The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.... Read more

    • EPSS Score: %3.02
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35946

    A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.... Read more

    Affected Products : owncloud
    • EPSS Score: %0.31
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23168

    The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--... Read more

    Affected Products : mobile_application_gateway
    • EPSS Score: %0.12
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23315

    MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.... Read more

    Affected Products : mcms
    • EPSS Score: %0.68
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23365

    HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.... Read more

    Affected Products : hms
    • EPSS Score: %0.26
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23379

    Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().... Read more

    Affected Products : emlog
    • EPSS Score: %0.56
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36440

    Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.... Read more

    Affected Products : showdoc
    • EPSS Score: %36.81
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-30648

    The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, a... Read more

    • EPSS Score: %0.49
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5166

    An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device.... Read more

    • EPSS Score: %0.47
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-23878

    seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.... Read more

    Affected Products : seacms
    • EPSS Score: %0.91
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24021

    A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerabil... Read more

    • EPSS Score: %0.54
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24144

    Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.... Read more

    Affected Products : ax3_firmware ax3
    • EPSS Score: %12.70
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291794 Results