Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-33913

    libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in sp... Read more

    Affected Products : libspf2
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33924

    Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.... Read more

    Affected Products : ansible
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27518

    Unauthenticated remote arbitrary code execution ... Read more

    • Actively Exploited
    • Published: Dec. 13, 2022
    • Modified: Feb. 14, 2025

  • 9.8

    CRITICAL
    CVE-2021-33912

    libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf ... Read more

    Affected Products : debian_linux libspf2
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33925

    SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login.... Read more

    Affected Products : cms-corephp
    • Published: Feb. 15, 2023
    • Modified: Mar. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-33911

    Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.... Read more

    Affected Products : manageengine_admanager_plus
    • Published: Jul. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26143

    The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic... Read more

    Affected Products : micollab mivoice_business_express
    • Actively Exploited
    • Published: Mar. 10, 2022
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2021-33806

    The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.... Read more

    Affected Products : bdlib
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24990

    TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.... Read more

    • Actively Exploited
    • Published: Feb. 07, 2023
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-33949

    An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.... Read more

    Affected Products : wms
    • Published: Feb. 17, 2023
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2021-33757

    Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability... Read more

    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23085

    A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged pro... Read more

    Affected Products : freebsd
    • Published: Feb. 15, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2021-33797

    Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.... Read more

    Affected Products : mujs
    • Published: Apr. 17, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-51888

    Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2022-34821

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router... Read more

    • Published: Jul. 12, 2022
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-21306

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker... Read more

    Affected Products : weblogic_server
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33635

    When malicious images are pulled by isula pull, attackers can execute arbitrary code.... Read more

    Affected Products : isula
    • Published: Oct. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-51800

    Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.... Read more

    Affected Products : homey
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2021-33485

    CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.... Read more

    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33543

    Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.... Read more

    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293335 Results