Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-34950

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php.... Read more

    Affected Products : pharmacy_management_system
    • EPSS Score: %0.25
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34946

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php.... Read more

    Affected Products : pharmacy_management_system
    • EPSS Score: %0.25
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39379

    A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter.... Read more

    Affected Products : opensis
    • EPSS Score: %7.00
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39377

    A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.... Read more

    Affected Products : opensis
    • EPSS Score: %7.00
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39302

    MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.... Read more

    Affected Products : misp
    • EPSS Score: %0.26
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39303

    The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.... Read more

    Affected Products : jamf
    • EPSS Score: %0.73
    • Published: Nov. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-1011

    A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 13... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 04, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2021-39306

    A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.... Read more

    Affected Products : rtl8195am_firmware rtl8195am
    • EPSS Score: %0.62
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39238

    Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.... Read more

    • EPSS Score: %16.20
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9486

    A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and... Read more

    Affected Products : image_builder
    • Published: Oct. 15, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2021-39227

    ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization ... Read more

    Affected Products : zrender
    • EPSS Score: %0.40
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39226

    Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key... Read more

    Affected Products : fedora grafana
    • Actively Exploited
    • EPSS Score: %94.34
    • Published: Oct. 05, 2021
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2021-38969

    IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609.... Read more

    Affected Products : spectrum_virtualize
    • EPSS Score: %0.19
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-56431

    oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.... Read more

    Affected Products : libtheora theora
    • Published: Dec. 25, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-55637

    Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploi... Read more

    Affected Products : drupal
    • Published: Dec. 10, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2021-38833

    SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.... Read more

    • EPSS Score: %0.52
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38734

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38731

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38687

    A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Sur... Read more

    Affected Products : qts surveillance_station
    • EPSS Score: %0.81
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38684

    A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Multi... Read more

    Affected Products : multimedia_console
    • EPSS Score: %0.81
    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292652 Results