Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2022-39003

    Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components....

    Affected Products : emui magic_ui
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-39008

    The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps....

    Affected Products : emui harmonyos
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 9.1

    CRITICAL
    CVE-2022-35937

    TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is ...

    Affected Products : tensorflow
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-22062

    An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial I...

    • Published: Sep. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-36066

    Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbit...

    Affected Products : discourse
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-42002

    SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, lead...

    Affected Products : sonicjs
    • Published: Oct. 01, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-1523

    Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information....

    Affected Products : d300win
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-33897

    A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnera...

    Affected Products : r1510_firmware r1510
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2016-8565

    Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets....

    Affected Products : automation_license_manager
    • Published: Oct. 13, 2016
    • Modified: Apr. 12, 2025
  • 9.1

    CRITICAL
    CVE-2024-6584

    The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs....

    Affected Products : jetpack_boost
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-48865

    Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers. Fabio adds ...

    Affected Products : fabio
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration
  • 9.1

    CRITICAL
    CVE-2025-48935

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patc...

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-46117

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its ...

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection
  • 9.1

    CRITICAL
    CVE-2016-9272

    A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service....

    Affected Products : exponent_cms
    • Published: Nov. 11, 2016
    • Modified: Apr. 12, 2025
  • 9.1

    CRITICAL
    CVE-2021-21819

    A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnera...

    Affected Products : dir-3040_firmware dir-3040
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-5322

    Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands ...

    Affected Products : emc_openmanage_enterprise-modular
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-32825

    bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers ...

    Affected Products : bblfshd
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-30856

    This issue was addressed by adding a new Remote Login option for opting into Full Disk Access for Secure Shell sessions. This issue is fixed in macOS Big Sur 11.3. A malicious unsandboxed app on a system with Remote Login enabled may bypass Privacy prefer...

    Affected Products : macos
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-20495

    bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup` parameter....

    Affected Products : bludit
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-36028

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to ac...

    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results