Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-3902

    An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited ev... Read more

    Affected Products : dompdf
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2021-3878

    corenlp is vulnerable to Improper Restriction of XML External Entity Reference... Read more

    Affected Products : corenlp
    • EPSS Score: %0.32
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6446

    An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issu... Read more

    Affected Products : fedora numpy
    • EPSS Score: %59.21
    • Published: Jan. 16, 2019
    • Modified: Jul. 21, 2025

  • 9.8

    CRITICAL
    CVE-2021-3823

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender Gra... Read more

    • EPSS Score: %0.40
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3833

    Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login... Read more

    Affected Products : integria_ims
    • EPSS Score: %0.61
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3751

    libmobi is vulnerable to Out-of-bounds Write... Read more

    Affected Products : libmobi
    • EPSS Score: %0.33
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3881

    libmobi is vulnerable to Out-of-bounds Read... Read more

    Affected Products : libmobi
    • EPSS Score: %0.38
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3711

    In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" par... Read more

    • EPSS Score: %2.22
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3821

    A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.... Read more

    Affected Products : futuresmart_5
    • EPSS Score: %1.23
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2021-3666

    body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')... Read more

    Affected Products : xml_body_parser
    • EPSS Score: %0.36
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34993

    Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample.... Read more

    Affected Products : a3600r_firmware a3600r
    • EPSS Score: %0.44
    • Published: Aug. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52428

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12.... Read more

    Affected Products : ads_booster_by_ads_pro
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2021-3625

    Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363... Read more

    Affected Products : zephyr
    • EPSS Score: %5.56
    • Published: Oct. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34974

    D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.... Read more

    Affected Products : dir820la1_firmware dir820la1
    • EPSS Score: %31.99
    • Published: Aug. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52413

    Deserialization of Untrusted Data vulnerability in DMC Airin Blog allows Object Injection.This issue affects Airin Blog: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2021-3657

    A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows... Read more

    • EPSS Score: %3.62
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7939

    The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.... Read more

    Affected Products : tcpdump
    • EPSS Score: %0.93
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-3604

    Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the data... Read more

    Affected Products : secure_8
    • EPSS Score: %0.57
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12996

    The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().... Read more

    Affected Products : tcpdump
    • EPSS Score: %1.12
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-23008

    On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Servic... Read more

    Affected Products : big-ip_access_policy_manager
    • EPSS Score: %0.61
    • Published: May. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292508 Results