Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-20067

    A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to sql... Read more

    Affected Products : hindu_matrimonial_script
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8366

    Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.... Read more

    Affected Products : libraw
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20005

    NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex mod... Read more

    Affected Products : debian_linux nginx
    • Published: Jun. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20111

    A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The ... Read more

    Affected Products : teleopti_workforce_management
    • Published: Jun. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20029

    A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotel... Read more

    Affected Products : phplist
    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20095

    A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely.... Read more

    Affected Products : simple_ads_manager
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24115

    In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).... Read more

    Affected Products : botan
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24112

    .NET Core Remote Code Execution Vulnerability... Read more

    Affected Products : .net_core visual_studio_2019 .net mono
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29921

    In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.... Read more

    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1710

    A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.... Read more

    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-24077

    Windows Fax Service Remote Code Execution Vulnerability... Read more

    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24078

    Windows DNS Server Remote Code Execution Vulnerability... Read more

    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24044

    By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault ... Read more

    Affected Products : hermes
    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24045

    A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most Re... Read more

    Affected Products : hermes
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24042

    The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior t... Read more

    Affected Products : whatsapp whatsapp_desktop
    • Published: Jan. 04, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2021-24028

    An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.... Read more

    Affected Products : thrift
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24030

    The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0.... Read more

    Affected Products : gameroom
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24025

    Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0... Read more

    Affected Products : hhvm
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24007

    Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.... Read more

    Affected Products : fortimail
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-0244

    PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted bin... Read more

    Affected Products : debian_linux postgresql
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292767 Results