Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-4455

    The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrar... Read more

    Affected Products :
    • Published: Apr. 19, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2021-4381

    The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This make... Read more

    Affected Products : ulisting
    • EPSS Score: %0.37
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4448

    The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perfor... Read more

    Affected Products : kaswara
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2021-4290

    A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql in... Read more

    Affected Products : fallstudie
    • EPSS Score: %0.05
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4279

    A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollu... Read more

    Affected Products : json-patch
    • EPSS Score: %0.10
    • Published: Dec. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0086

    uppy is vulnerable to Server-Side Request Forgery (SSRF)... Read more

    Affected Products : uppy uppy
    • EPSS Score: %0.34
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4298

    A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. This affects the function SearchCriteriaForWorksParameter of the file app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb. The manipulati... Read more

    Affected Products : sipity
    • EPSS Score: %0.06
    • Published: Jan. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4327

    A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overf... Read more

    Affected Products : serenityos
    • EPSS Score: %0.07
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4341

    The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. Thi... Read more

    Affected Products : ulisting
    • EPSS Score: %0.21
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4313

    A vulnerability was found in NethServer phonenehome. It has been rated as critical. This issue affects the function get_info/get_country_coor of the file server/index.php. The manipulation leads to sql injection. The identifier of the patch is 759c30b0ddd... Read more

    Affected Products : nethserver-phonenehome
    • EPSS Score: %0.05
    • Published: Jan. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4246

    A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched r... Read more

    Affected Products : lmeve
    • EPSS Score: %0.04
    • Published: Dec. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4262

    A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The na... Read more

    Affected Products : laravel_jqgrid
    • EPSS Score: %0.04
    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4449

    The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary file... Read more

    Affected Products : zoomsounds
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2021-4171

    calibre-web is vulnerable to Business Logic Errors... Read more

    Affected Products : calibre-web calibre-web
    • EPSS Score: %0.44
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4105

    Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. ... Read more

    • EPSS Score: %0.27
    • Published: Feb. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4129

    Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we pr... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.30
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2021-47548

    In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of po... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-54154

    In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox... Read more

    Affected Products : youtrack
    • Published: Dec. 04, 2024
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2021-47378

    In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroyed, which may lead to u... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-25291

    Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.... Read more

    Affected Products : deskfiler
    • Published: Feb. 29, 2024
    • Modified: Mar. 27, 2025
Showing 20 of 292512 Results