Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-1283

    Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %3.03
    • Published: Feb. 07, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-1222

    This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.

    • Published: Mar. 14, 2024
    • Modified: Jan. 23, 2025
  • 9.8

    CRITICAL
    CVE-2021-37095

    There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution.

    Affected Products : harmonyos
    • EPSS Score: %0.93
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-0323

    The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the aff...

    Affected Products : automation_runtime
    • EPSS Score: %0.09
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-37084

    There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to malicious invoking other functions of the Smart Assistant through text messages.

    Affected Products : harmonyos
    • EPSS Score: %0.24
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36965

    Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

    • EPSS Score: %1.10
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36989

    There is a Kernel crash vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions.

    Affected Products : emui magic_ui
    • EPSS Score: %0.17
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36916

    The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple heade...

    Affected Products : hide_my_wp
    • EPSS Score: %0.61
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-51887

    Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.

    Affected Products : mathtex
    • EPSS Score: %3.18
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2021-36880

    Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.

    Affected Products : ulisting
    • EPSS Score: %3.56
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36936

    Windows Print Spooler Remote Code Execution Vulnerability

    • EPSS Score: %3.55
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36707

    In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.

    Affected Products : prc2402m_firmware prc2402m
    • EPSS Score: %11.79
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36623

    Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.

    • EPSS Score: %0.42
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36581

    Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.

    Affected Products : kooboo_cms
    • EPSS Score: %0.61
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-44351

    Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

    Affected Products : coldfusion
    • EPSS Score: %32.01
    • Published: Nov. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36705

    In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.

    Affected Products : prc2402m_firmware prc2402m
    • EPSS Score: %11.79
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-42282

    The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

    Affected Products : ip
    • EPSS Score: %0.40
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2021-36706

    In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system.

    Affected Products : prc2402m_firmware prc2402m
    • EPSS Score: %11.79
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36351

    SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.

    • EPSS Score: %0.48
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36393

    In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.

    Affected Products : moodle
    • EPSS Score: %24.95
    • Published: Mar. 06, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292508 Results