Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-3466

    A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulner... Read more

    Affected Products : enterprise_linux fedora libmicrohttpd
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-52377

    Unrestricted Upload of File with Dangerous Type vulnerability in BdThemes Instant Image Generator allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through 1.5.4.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 10.0

    HIGH
    CVE-2021-39737

    Product: AndroidVersions: Android kernelAndroid ID: A-208229524References: N/A... Read more

    Affected Products : android
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39710

    Product: AndroidVersions: Android kernelAndroid ID: A-202160245References: N/A... Read more

    Affected Products : android
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39723

    Product: AndroidVersions: Android kernelAndroid ID: A-209014813References: N/A... Read more

    Affected Products : android
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39645

    Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39708

    In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39675

    In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produc... Read more

    Affected Products : android
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39623

    In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-39296

    In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.... Read more

    Affected Products : openbmc
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-39199

    remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user i... Read more

    Affected Products : remark-html
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38759

    Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.... Read more

    Affected Products : raspberry_pi_os_lite
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38613

    The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution.... Read more

    Affected Products : remkon_device_manager
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38611

    A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.... Read more

    Affected Products : remkon_device_manager
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-47875

    DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.... Read more

    Affected Products : dompurify
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 10.0

    CRITICAL
    CVE-2021-38516

    Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 befor... Read more

    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38513

    Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before ... Read more

    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-38397

    Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.... Read more

    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38393

    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agi... Read more

    Affected Products : diaenergie
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38306

    Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.... Read more

    Affected Products : n1t1_firmware n1t1 n1t1dd1
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293493 Results