Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2024-40085

    A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 23, 2024

  • 9.6

    CRITICAL
    CVE-2024-3379

    In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to r... Read more

    Affected Products : lunary
    • Published: Nov. 14, 2024
    • Modified: Nov. 18, 2024

  • 9.6

    CRITICAL
    CVE-2021-21248

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy cl... Read more

    Affected Products : onedev
    • EPSS Score: %0.43
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21249

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default (when not... Read more

    Affected Products : onedev
    • EPSS Score: %1.33
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21226

    Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • EPSS Score: %1.35
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21154

    Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora chrome
    • EPSS Score: %0.85
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21142

    Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora chrome macos
    • EPSS Score: %0.61
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21151

    Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora chrome
    • EPSS Score: %0.73
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21121

    Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %1.55
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21111

    Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.... Read more

    Affected Products : fedora debian_linux chrome
    • EPSS Score: %0.45
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21106

    Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • EPSS Score: %4.04
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21108

    Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • EPSS Score: %1.31
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21107

    Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : linux_kernel fedora debian_linux chrome
    • EPSS Score: %1.31
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21110

    Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • EPSS Score: %23.07
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21115

    User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • EPSS Score: %1.31
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-20790

    Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.... Read more

    Affected Products : revoworks_browser
    • EPSS Score: %0.63
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-20195

    A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. T... Read more

    Affected Products : keycloak single_sign-on
    • EPSS Score: %0.30
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2011-3642

    Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a... Read more

    Affected Products : flowplayer_flash
    • EPSS Score: %8.90
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2016-6256

    SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC... Read more

    Affected Products : business_one
    • EPSS Score: %10.06
    • Published: May. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2016-5568

    Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.... Read more

    Affected Products : jdk jre
    • EPSS Score: %1.23
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292425 Results