Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-22738

    Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack.... Read more

    • EPSS Score: %0.18
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2008-2433

    The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers t... Read more

    • EPSS Score: %12.31
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2021-22474

    There is an Out-of-bounds memory access in Huawei Smartphone.Successful exploitation of this vulnerability may cause process exceptions.... Read more

    Affected Products : emui magic_ui
    • EPSS Score: %0.24
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18379

    In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.80
    • Published: Jul. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22566

    An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages fr... Read more

    Affected Products : fuchsia
    • EPSS Score: %0.01
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22431

    There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.... Read more

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.25
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18345

    The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.... Read more

    Affected Products : joomanager
    • EPSS Score: %3.33
    • Published: Aug. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22426

    There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.... Read more

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.25
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22375

    There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality,availability and integrity.... Read more

    Affected Products : emui magic_ui
    • EPSS Score: %0.24
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18264

    An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5... Read more

    Affected Products : debian_linux phpmyadmin
    • EPSS Score: %0.32
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22345

    There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write.... Read more

    Affected Products : emui magic_ui
    • EPSS Score: %0.24
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18287

    An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter.... Read more

    Affected Products : stats
    • EPSS Score: %0.24
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18269

    An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans t... Read more

    Affected Products : linux_kernel glibc
    • EPSS Score: %1.98
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18289

    An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter.... Read more

    Affected Products : stats
    • EPSS Score: %0.24
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18211

    In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.... Read more

    Affected Products : ubuntu_linux imagemagick
    • EPSS Score: %0.39
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18194

    SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter.... Read more

    Affected Products : hamayeshnegar_cms
    • EPSS Score: %0.53
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18197

    In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.... Read more

    Affected Products : mxgraph
    • EPSS Score: %0.25
    • Published: Feb. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18206

    In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.... Read more

    Affected Products : ubuntu_linux zsh
    • EPSS Score: %0.67
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18187

    In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.... Read more

    Affected Products : debian_linux mbed_tls
    • EPSS Score: %0.56
    • Published: Feb. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2005-2103

    Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or ... Read more

    Affected Products : enterprise_linux gaim
    • EPSS Score: %25.85
    • Published: Aug. 16, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292734 Results