Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2021-36365

    Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh....

    Affected Products : nagios_xi
    • EPSS Score: 1.00%
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-36363

    Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php....

    Affected Products : nagios_xi
    • EPSS Score: 1.00%
    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3586

    A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to...

    • EPSS Score: 0.44%
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-35474

    Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1....

    Affected Products : debian_linux traffic_server
    • EPSS Score: 6.34%
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-3476

    Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution....

    Affected Products : data_protector
    • EPSS Score: 1.78%
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-34523

    Microsoft Exchange Server Elevation of Privilege Vulnerability...

    Affected Products : exchange_server
    • Actively Exploited
    • EPSS Score: 94.07%
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-33564

    An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs becau...

    Affected Products : dragonfly
    • EPSS Score: 91.18%
    • Published: May. 29, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-33026

    The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they c...

    Affected Products : flask-caching
    • EPSS Score: 19.11%
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-16119

    SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter....

    Affected Products : photo_gallery
    • EPSS Score: 29.39%
    • Published: Sep. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-31915

    In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible....

    Affected Products : teamcity
    • EPSS Score: 0.16%
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-31914

    In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible....

    Affected Products : windows teamcity
    • EPSS Score: 0.04%
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-31909

    In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible....

    Affected Products : teamcity
    • EPSS Score: 0.15%
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-31886

    A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versi...

    • EPSS Score: 3.89%
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-31800

    Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achi...

    Affected Products : fedora impacket
    • EPSS Score: 39.21%
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3129

    Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with La...

    Affected Products : laravel ignition
    • Actively Exploited
    • EPSS Score: 94.29%
    • Published: Jan. 12, 2021
    • Modified: Feb. 04, 2025
  • 9.8

    CRITICAL
    CVE-2017-20029

    A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotel...

    Affected Products : phplist
    • EPSS Score: 1.73%
    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-31166

    HTTP Protocol Stack Remote Code Execution Vulnerability...

    • Actively Exploited
    • EPSS Score: 92.96%
    • Published: May. 11, 2021
    • Modified: Mar. 13, 2025
  • 9.8

    CRITICAL
    CVE-2019-16746

    An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow....

    • EPSS Score: 1.11%
    • Published: Sep. 24, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-30820

    A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able to cause arbitrary code execution....

    Affected Products : iphone_os ipados
    • EPSS Score: 2.13%
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-30690

    Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. Multiple issues in apache....

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: 0.50%
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292016 Results