Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2022-20712

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more

    • EPSS Score: %2.18
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-20707

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more

    • EPSS Score: %82.29
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-20706

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more

    • EPSS Score: %2.55
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-20699

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more

    • Actively Exploited
    • EPSS Score: %90.39
    • Published: Feb. 10, 2022
    • Modified: Mar. 13, 2025

  • 10.0

    HIGH
    CVE-2021-45382

    A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all... Read more

    • Actively Exploited
    • EPSS Score: %94.23
    • Published: Feb. 17, 2022
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2021-43907

    Visual Studio Code WSL Extension Remote Code Execution Vulnerability... Read more

    Affected Products : windows_subsystem_for_linux
    • EPSS Score: %5.08
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-10189

    Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.... Read more

    Affected Products : manageengine_desktop_central
    • Actively Exploited
    • EPSS Score: %94.25
    • Published: Mar. 06, 2020
    • Modified: Mar. 14, 2025

  • 10.0

    CRITICAL
    CVE-2021-34770

    A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code w... Read more

    • EPSS Score: %1.06
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-33907

    The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privilege... Read more

    Affected Products : meetings
    • EPSS Score: %4.39
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3331

    WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// U... Read more

    Affected Products : winscp
    • EPSS Score: %5.58
    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-5347

    A remote authentication bypass vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %20.93
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-9548

    Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.... Read more

    Affected Products : application_delivery_management
    • EPSS Score: %0.53
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3064

    A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The ... Read more

    Affected Products : pan-os prisma_access
    • EPSS Score: %49.22
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-30116

    Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x... Read more

    Affected Products : vsa_agent vsa_server
    • Actively Exploited
    • EPSS Score: %18.05
    • Published: Jul. 09, 2021
    • Modified: Mar. 14, 2025

  • 10.0

    HIGH
    CVE-2021-29203

    A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication le... Read more

    Affected Products : edgeline_infrastructure_manager
    • EPSS Score: %87.05
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-8248

    Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .... Read more

    Affected Products : macos windows illustrator_cc
    • EPSS Score: %4.56
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-8247

    Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .... Read more

    Affected Products : macos windows illustrator_cc
    • EPSS Score: %4.56
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-28481

    Microsoft Exchange Server Remote Code Execution Vulnerability... Read more

    Affected Products : exchange_server
    • EPSS Score: %3.80
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-28480

    Microsoft Exchange Server Remote Code Execution Vulnerability... Read more

    Affected Products : exchange_server
    • EPSS Score: %67.80
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-27561

    Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.... Read more

    Affected Products : device_management
    • Actively Exploited
    • EPSS Score: %94.11
    • Published: Oct. 15, 2021
    • Modified: Feb. 04, 2025
Showing 20 of 291526 Results