Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-21994

    AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login infor... Read more

    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9789

    Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vu... Read more

    Affected Products : firefox
    • Published: Apr. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-21990

    ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials. ... Read more

    • Published: Apr. 17, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2020-10109

    In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined ... Read more

    • Published: Mar. 12, 2020
    • Modified: Nov. 25, 2024

  • 9.8

    CRITICAL
    CVE-2018-14719

    FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.... Read more

    • Published: Jan. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21865

    ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha.... Read more

    Affected Products : thinkphp50-cms
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24094

    Windows TCP/IP Remote Code Execution Vulnerability... Read more

    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20231

    A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.... Read more

    • Published: Mar. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-21762

    A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 throug... Read more

    Affected Products : fortios fortiproxy
    • Actively Exploited
    • Published: Feb. 09, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-21741

    GigaDevice GD32E103C8T6 devices have Incorrect Access Control.... Read more

    Affected Products :
    • Published: Jun. 25, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2021-28802

    A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4... Read more

    Affected Products : quts_hero qts
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21784

    phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.... Read more

    Affected Products : phpwcms
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21726

    OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.... Read more

    Affected Products : opensns
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21809

    SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.... Read more

    Affected Products : nukeviet
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-28392

    SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method.... Read more

    Affected Products :
    • Published: Mar. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-28288

    Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterpri... Read more

    Affected Products : rg-nbr700gw_firmware rg-nbr700gw
    • Published: Mar. 30, 2024
    • Modified: Jun. 30, 2025

  • 9.8

    CRITICAL
    CVE-2012-4750

    A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service... Read more

    Affected Products : ezserver
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21652

    Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method.... Read more

    Affected Products : myucms
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10071

    In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.... Read more

    Affected Products : ubuntu_linux zsh
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21585

    Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.... Read more

    Affected Products : emlog
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results