Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-4171

    calibre-web is vulnerable to Business Logic Errors... Read more

    Affected Products : calibre-web calibre-web
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4105

    Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. ... Read more

    • Published: Feb. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4129

    Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we pr... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2021-47548

    In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of po... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-54154

    In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox... Read more

    Affected Products : youtrack
    • Published: Dec. 04, 2024
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2021-47378

    In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroyed, which may lead to u... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-25291

    Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.... Read more

    Affected Products : deskfiler
    • Published: Feb. 29, 2024
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-2647

    A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /admin/singlelogin.php. The manipulation of the argument loginId leads to sql in... Read more

    • Published: Mar. 19, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2019-7195

    This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.... Read more

    Affected Products : photo_station qts
    • Actively Exploited
    • Published: Dec. 05, 2019
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2021-46891

    Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46704

    In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing auth... Read more

    Affected Products : genieacs
    • Published: Mar. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46703

    In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products ... Read more

    Affected Products : razorengine
    • Published: Mar. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46442

    In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization.... Read more

    Affected Products : dir-825_firmware dir-825
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46427

    An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php.... Read more

    Affected Products : simple_chatbot_application
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46384

    https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows u... Read more

    Affected Products : mcms
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46455

    D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter.... Read more

    Affected Products : dir-823_pro_firmware dir-823_pro
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46446

    H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID.... Read more

    Affected Products : multistore
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46456

    D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter.... Read more

    Affected Products : dir-823_pro_firmware dir-823_pro
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46230

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46229

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results