Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-42142

    An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.... Read more

    Affected Products : tinydtls
    • Published: Jan. 23, 2024
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2021-42224

    SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.... Read more

    Affected Products : ifsc_code_finder ifsc_code_finder
    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41931

    The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. The... Read more

    Affected Products : recruitment_management_system
    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42230

    Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter.... Read more

    Affected Products : 130-slc_firmware 130-slc
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41862

    AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).... Read more

    Affected Products : aviatorscript
    • Published: Oct. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41833

    Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.... Read more

    Affected Products : manageengine_patch_connect_plus
    • Published: Nov. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41921

    novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.... Read more

    Affected Products : novel-plus
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41752

    Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.... Read more

    Affected Products : jerryscript
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41691

    A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.... Read more

    Affected Products : opensis
    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2021-42013

    It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directori... Read more

    • Actively Exploited
    • Published: Oct. 07, 2021
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2021-41694

    An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php.... Read more

    Affected Products : premiumdatingscript
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41674

    An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.... Read more

    Affected Products : e-negosyo_system
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41745

    ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.... Read more

    Affected Products : showdoc
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41660

    SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php.... Read more

    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41643

    Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.... Read more

    Affected Products : church_management_system
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41661

    Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP web... Read more

    Affected Products : church_management_system
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41749

    In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.... Read more

    Affected Products : seomatic
    • Published: Jun. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41553

    In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials... Read more

    Affected Products : web_central
    • Published: Oct. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41615

    websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 secti... Read more

    Affected Products : goahead
    • Published: Aug. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41807

    Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.... Read more

    Affected Products : m-files_server m-files_web m-files
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293306 Results