Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is known to be actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2020-3886

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with ...

    Affected Products: macos mac_os_x
    • EPSS Score: 0.35%
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-0870

    In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...

    Affected Products: android
    • EPSS Score: 0.95%
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2021-30285

    Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrast...

    • EPSS Score: 0.04%
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2024-42500

    HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services....

    Affected Products:
    • Published: Sep. 09, 2024
    • Modified: Sep. 10, 2024
  • 9.3

    CRITICAL
    CVE-2024-34334

    ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function....

    Affected Products: ordat.erp
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024
  • 9.3

    CRITICAL
    CVE-2024-47350

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection. This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0....

    Affected Products: yith_woocommerce_ajax_search
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024
  • 9.3

    CRITICAL
    CVE-2023-52952

    A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V...

    Affected Products:
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024
  • 9.3

    CRITICAL
    CVE-2024-47562

    A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the `ssmctl-client` command. This could allow an authenticated, low...

    Affected Products: sinec_security_monitor
    • Published: Oct. 08, 2024
    • Modified: Oct. 11, 2024
  • 9.3

    CRITICAL
    CVE-2024-47830

    Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. ...

    Affected Products: plane
    • Published: Oct. 11, 2024
    • Modified: Nov. 12, 2024
  • 9.3

    CRITICAL
    CVE-2024-46538

    A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php....

    Affected Products: pfsense
    • Published: Oct. 22, 2024
    • Modified: Oct. 30, 2024
  • 9.3

    CRITICAL
    CVE-2024-20412

    A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to th...

    • Published: Oct. 23, 2024
    • Modified: Nov. 05, 2024
  • 9.3

    CRITICAL
    CVE-2024-48548

    The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number...

    Affected Products:
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024
  • 9.3

    HIGH
    CVE-2021-39701

    In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additi...

    Affected Products: android
    • EPSS Score: 0.04%
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-8531

    A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT E...

    • EPSS Score: 18.68%
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2021-1942

    Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snap...

    • EPSS Score: 0.05%
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2024-51757

    happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advis...

    Affected Products:
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024
  • 9.3

    CRITICAL
    CVE-2024-50966

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin....

    Affected Products: dingfanzu dingfanzu_cms
    • Published: Nov. 08, 2024
    • Modified: May 28, 2025
  • 9.3

    HIGH
    CVE-2021-21956

    A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulner...

    Affected Products: imunify360
    • EPSS Score: 0.41%
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2024-9832

    There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to ...

    Affected Products:
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
  • 9.3

    CRITICAL
    CVE-2024-48971

    The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician p...

    Affected Products:
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
Showing 20 of 291783 Results