Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2021-38097

    Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of... Read more

    Affected Products : pdf_fusion
    • EPSS Score: %1.39
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-38096

    Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. E... Read more

    Affected Products : pdf_fusion
    • EPSS Score: %1.42
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-42348

    FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395.... Read more

    Affected Products : fogproject
    • Published: Aug. 02, 2024
    • Modified: Sep. 10, 2024

  • 9.3

    CRITICAL
    CVE-2024-6118

    A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.... Read more

    Affected Products : meetinghub_paperless_meetings
    • Published: Aug. 05, 2024
    • Modified: Aug. 30, 2024

  • 9.3

    CRITICAL
    CVE-2024-6915

    JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning.... Read more

    Affected Products : artifactory
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    HIGH
    CVE-2021-37363

    An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level pr... Read more

    Affected Products : gestionale_open
    • EPSS Score: %0.20
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-4126

    Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.... Read more

    Affected Products : calibre
    • EPSS Score: %0.47
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-37074

    There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation.... Read more

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.14
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-7880

    The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX.... Read more

    Affected Products : windows neors
    • EPSS Score: %0.73
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-3886

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with ... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %0.35
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-0870

    In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android... Read more

    Affected Products : android
    • EPSS Score: %0.95
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2021-30285

    Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrast... Read more

    • EPSS Score: %0.04
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-42500

    HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services.... Read more

    Affected Products :
    • Published: Sep. 09, 2024
    • Modified: Sep. 10, 2024

  • 9.3

    CRITICAL
    CVE-2024-34334

    ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.... Read more

    Affected Products : ordat.erp
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 9.3

    CRITICAL
    CVE-2024-47350

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection.This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0.... Read more

    Affected Products : yith_woocommerce_ajax_search
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 9.3

    CRITICAL
    CVE-2023-52952

    A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 9.3

    CRITICAL
    CVE-2024-47562

    A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command. This could allow an authenticated, low... Read more

    Affected Products : sinec_security_monitor
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024

  • 9.3

    CRITICAL
    CVE-2024-47830

    Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. ... Read more

    Affected Products : plane
    • Published: Oct. 11, 2024
    • Modified: Nov. 12, 2024

  • 9.3

    CRITICAL
    CVE-2024-46538

    A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.... Read more

    Affected Products : pfsense
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024

  • 9.3

    CRITICAL
    CVE-2024-20412

    A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to th... Read more

    • Published: Oct. 23, 2024
    • Modified: Nov. 05, 2024
Showing 20 of 291573 Results