Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2021-42640

    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer....

    Affected Products : web_stack
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-22544

    Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered ...

    Affected Products : solution_manager
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-22805

    A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA ...

    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-11144

    Buffer over-read while the UE processes an invalid DL ROHC packet for decompression, due to a missing check on the size of the compressed packet, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Io...

    Affected Products : apq8009 apq8009w apq8017 apq8037 apq8053 apq8084 apq8096au aqt1000 ar6003 ar8035 +404 more products
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-0482

    Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3....

    Affected Products : easyappointments
    • Published: Mar. 09, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-46501

    An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function....

    Affected Products : boltwire
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2018-7245

    An improper authorization vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to chan...

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-5559

    The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service....

    Affected Products : 10web_booster
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-5965

    An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution....

    Affected Products : espocrm
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-40302

    NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability...

    Affected Products : ngeniuspulse
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-36649

    Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Grafana authenticate...

    Affected Products : cryptospike
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-48225

    Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 synta...

    Affected Products : laf
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2016-9121

    go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static...

    Affected Products : go-jose
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025
  • 9.1

    CRITICAL
    CVE-2020-8570

    Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite a...

    Affected Products : java
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-47702

    IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Fo...

    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-21890

    A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch...

    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2023-49777

    Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0. ...

    Affected Products : yith_woocommerce_product_add-ons
    • Published: Dec. 31, 2023
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-21737

    In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This l...

    Affected Products : application_interface_framework
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-46025

    Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page....

    Affected Products : n200re_v5_firmware n200re_v5
    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2021-22354

    There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read....

    Affected Products : emui magic_ui
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results