Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-33008

    AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.... Read more

    Affected Products : system_platform
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32988

    FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : winproladder
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-39275

    ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.... Read more

    • Published: Sep. 16, 2021
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2021-3756

    libmysofa is vulnerable to Heap-based Buffer Overflow... Read more

    Affected Products : fedora libmysofa
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-54492

    This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network ... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Dec. 12, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2021-32810

    crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of... Read more

    Affected Products : fedora crossbeam
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36186

    A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests... Read more

    Affected Products : fortiweb
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-51558

    This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user OTP, M... Read more

    Affected Products : aero wave_2.0
    • Published: Nov. 04, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2021-32744

    Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful... Read more

    Affected Products : online richdocumentscode
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32726

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain ... Read more

    Affected Products : nextcloud_server notes
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32563

    An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve cod... Read more

    Affected Products : thunar
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-51424

    An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the Owned.setOwner function. NOTE: this is disputed by third parties because the impact is limited to function ... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2021-31162

    In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.... Read more

    Affected Products : fedora rust
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-51260

    DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Oct. 31, 2024
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-51367

    An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file.... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-51139

    Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 ... Read more

    • Published: Feb. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-51360

    An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file... Read more

    • Published: May. 23, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-51065

    Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter.... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Oct. 31, 2024
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-51298

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.... Read more

    Affected Products : vigor3900_firmware vigor3900
    • Published: Oct. 30, 2024
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2021-28800

    A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS ... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293351 Results