Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by vulnerability severity, by whether it is actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • CVE-2021-28960 (CVSS 9.8, CRITICAL)

    Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations....

    Affected Products: desktop_central
    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-28890 (CVSS 9.8, CRITICAL)

    J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL s...

    Affected Products: j2eefast
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-28967 (CVSS 9.8, CRITICAL)

    The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings....

    Affected Products: visual_studio_code matlab
    • Published: Mar. 24, 2021
    • Modified: Jul. 08, 2025
  • CVE-2024-49775 (CVSS 9.8, CRITICAL)

    A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All version...

    • Published: Dec. 16, 2024
    • Modified: Mar. 11, 2025
  • CVE-2021-28834 (CVSS 9.8, CRITICAL)

    Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated....

    Affected Products: fedora debian_linux kramdown
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-28879 (CVSS 9.8, CRITICAL)

    In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again....

    Affected Products: fedora rust
    • Published: Apr. 11, 2021
    • Modified: Nov. 21, 2024
  • CVE-2015-8778 (CVSS 9.8, CRITICAL)

    Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers...

    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025
  • CVE-2021-28793 (CVSS 9.8, CRITICAL)

    vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration....

    Affected Products: restructuredtext
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024
  • CVE-2015-5740 (CVSS 9.8, CRITICAL)

    The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers....

    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025
  • CVE-2015-4643 (CVSS 9.8, CRITICAL)

    Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflo...

    • Published: May. 16, 2016
    • Modified: Apr. 12, 2025
  • CVE-2015-3253 (CVSS 9.8, CRITICAL)

    The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object....

    • Published: Aug. 13, 2015
    • Modified: Apr. 12, 2025
  • CVE-2021-28294 (CVSS 9.8, CRITICAL)

    Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE)....

    Affected Products: online_ordering_system
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-28428 (CVSS 9.8, CRITICAL)

    File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; ...

    Affected Products: horizontcms
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-28293 (CVSS 9.8, CRITICAL)

    Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functional...

    Affected Products: aisiem
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-28300 (CVSS 9.8, CRITICAL)

    NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file....

    Affected Products: gpac
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-28235 (CVSS 9.8, CRITICAL)

    Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function....

    Affected Products: etcd
    • Published: Apr. 04, 2023
    • Modified: Feb. 18, 2025
  • CVE-2021-28171 (CVSS 9.8, CRITICAL)

    The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users' data in the Cookie....

    Affected Products: deltaflow
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024
  • CVE-2021-28134 (CVSS 9.8, CRITICAL)

    Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API....

    Affected Products: clipper
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
  • CVE-2014-9843 (CVSS 9.8, CRITICAL)

    The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors....

    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025
  • CVE-2021-28032 (CVSS 9.8, CRITICAL)

    An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bound...

    Affected Products: nano_arena
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results