Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-32117

    Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99.... Read more

    Affected Products : integrate_google_drive
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2021-38294

    A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to auth... Read more

    Affected Products : storm
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38173

    Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.... Read more

    Affected Products : fedora debian_linux btrbk
    • Published: Aug. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37931

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.... Read more

    Affected Products : manageengine_admanager_plus
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37929

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.... Read more

    Affected Products : manageengine_admanager_plus
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37928

    Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.... Read more

    Affected Products : manageengine_admanager_plus
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37592

    Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.... Read more

    Affected Products : suricata
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36365

    Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.... Read more

    Affected Products : nagios_xi
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31985

    A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.... Read more

    Affected Products : br-6428ns_firmware br-6428ns
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2018-3191

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attack... Read more

    Affected Products : weblogic_server
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31986

    A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.... Read more

    Affected Products : br-6428ns_firmware br-6428ns
    • Published: May. 15, 2023
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2021-3586

    A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to... Read more

    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32015

    Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more

    • Published: Jun. 14, 2023
    • Modified: Apr. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-32014

    Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more

    • Published: Jun. 14, 2023
    • Modified: Apr. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-32002

    The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x... Read more

    Affected Products : node.js
    • Published: Aug. 21, 2023
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-31902

    RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).... Read more

    Affected Products : mobile_mouse
    • Published: May. 17, 2023
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-31704

    Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.... Read more

    Affected Products : online_computer_and_laptop_store
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31654

    Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.... Read more

    Affected Products : redisraft
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-42299

    Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.... Read more

    Affected Products : openimageio
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34523

    Microsoft Exchange Server Elevation of Privilege Vulnerability... Read more

    Affected Products : exchange_server
    • Actively Exploited
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293609 Results