Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-47917

    Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The do... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Jul. 20, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2021-3756

    libmysofa is vulnerable to Heap-based Buffer Overflow... Read more

    Affected Products : fedora libmysofa
    • EPSS Score: %0.33
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36186

    A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests... Read more

    Affected Products : fortiweb
    • EPSS Score: %0.43
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-6965

    There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.... Read more

    Affected Products : sqlite
    • Published: Jul. 15, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2021-33390

    dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421.... Read more

    Affected Products : dpic
    • EPSS Score: %0.21
    • Published: Aug. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32563

    An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve cod... Read more

    Affected Products : thunar
    • EPSS Score: %0.91
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31162

    In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.... Read more

    Affected Products : fedora rust
    • EPSS Score: %0.83
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28800

    A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS ... Read more

    Affected Products : quts_hero qts qutscloud
    • EPSS Score: %0.78
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27734

    Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.... Read more

    Affected Products : hirschmann_hios hisecos
    • EPSS Score: %0.12
    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26937

    encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.... Read more

    Affected Products : fedora debian_linux screen
    • EPSS Score: %2.98
    • Published: Feb. 09, 2021
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2021-26569

    Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.... Read more

    • EPSS Score: %1.75
    • Published: Mar. 12, 2021
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2021-26109

    An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbit... Read more

    Affected Products : fortios
    • EPSS Score: %1.34
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24112

    .NET Core Remote Code Execution Vulnerability... Read more

    Affected Products : .net_core visual_studio_2019 .net mono
    • EPSS Score: %0.76
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24074

    Windows TCP/IP Remote Code Execution Vulnerability... Read more

    • EPSS Score: %14.39
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22930

    Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.... Read more

    • EPSS Score: %0.36
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22768

    A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is un... Read more

    • EPSS Score: %0.59
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22714

    A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution.... Read more

    • EPSS Score: %2.27
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22203

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to ... Read more

    Affected Products : gitlab
    • EPSS Score: %0.24
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-2064

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via II... Read more

    Affected Products : weblogic_server
    • EPSS Score: %29.69
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20308

    Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.... Read more

    Affected Products : debian_linux htmldoc
    • EPSS Score: %0.55
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291526 Results