Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2021-21428

    Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.cre... Read more

    Affected Products : openapi_generator
    • EPSS Score: %0.05
    • Published: May. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-32238

    Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Overflow. Stack-based buffer overflow occurs when Rocket League handles UPK object files that can result in code execution and denial of service scenario.... Read more

    Affected Products : rocket_league
    • EPSS Score: %0.63
    • Published: May. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-5023

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection.This issue affects ConsoleMe: before 1.4.0.... Read more

    Affected Products : consoleme
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-27954

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-0481

    In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ne... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-1542

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating syste... Read more

    • EPSS Score: %0.38
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-20745

    Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.... Read more

    Affected Products : inkdrop
    • EPSS Score: %0.42
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-15408

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected softwa... Read more

    • EPSS Score: %0.23
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2018-1742

    IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. I... Read more

    Affected Products : security_key_lifecycle_manager
    • EPSS Score: %0.02
    • Published: Oct. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-32826

    Proxyee-Down is open source proxy software. An attacker being able to provide an extension script (eg: through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down. For more details in... Read more

    Affected Products : proxyee-down
    • EPSS Score: %0.24
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-39373

    TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative privileges.... Read more

    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-2882

    SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA syst... Read more

    Affected Products : pnpscada
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-38368

    trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to d... Read more

    Affected Products : trunk.cocoapods.org
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-28580

    Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. ... Read more

    Affected Products : medium rift rift_s touch
    • EPSS Score: %2.27
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-4976

    A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.... Read more

    Affected Products :
    • Published: Jul. 17, 2024
    • Modified: Apr. 10, 2025

  • 9.3

    HIGH
    CVE-2021-40847

    The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the ... Read more

    • EPSS Score: %6.13
    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-38112

    In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.... Read more

    Affected Products : aws_workspaces
    • EPSS Score: %28.52
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-40710

    Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is req... Read more

    Affected Products : premiere_pro windows
    • EPSS Score: %4.00
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-40715

    Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is req... Read more

    Affected Products : premiere_pro windows
    • EPSS Score: %1.63
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-24016

    An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsa... Read more

    Affected Products : fortimanager
    • EPSS Score: %0.14
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291573 Results