Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2024-43602

    Azure CycleCloud Remote Code Execution Vulnerability... Read more

    Affected Products : azure_cyclecloud
    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024
  • 9.9

    CRITICAL
    CVE-2021-38176

    Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successfu... Read more

    • EPSS Score: %0.72
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-37531

    SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level ... Read more

    • EPSS Score: %4.22
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-35683

    Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.047. Easily exploitable vulnerability allows low privileged attacker with network a... Read more

    • EPSS Score: %1.54
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-35049

    Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results i... Read more

    Affected Products : deception network
    • EPSS Score: %3.37
    • Published: Jun. 25, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-52370

    Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support – WordPress Help Desk allows Upload a Web Shell to a Web Server. This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.1.... Read more

    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
  • 9.9

    CRITICAL
    CVE-2022-43405

    A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the ... Read more

    Affected Products : groovy_libraries
    • EPSS Score: %0.18
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-34458

    Windows Kernel Remote Code Execution Vulnerability... Read more

    • EPSS Score: %1.26
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    • EPSS Score: %1.26
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-28181

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, den... Read more

    • EPSS Score: %0.87
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-32834

    Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy s... Read more

    Affected Products : keti
    • EPSS Score: %0.33
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-32829

    ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Exe... Read more

    Affected Products : zstack rest_api
    • EPSS Score: %1.39
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-51478

    YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5.... Read more

    Affected Products : yeswiki
    • Published: Oct. 31, 2024
    • Modified: May. 09, 2025
  • 9.9

    CRITICAL
    CVE-2024-50480

    Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO allows Upload a Web Shell to a Web Server. This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80.... Read more

    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024
  • 9.9

    CRITICAL
    CVE-2020-6100

    An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger thi... Read more

    • EPSS Score: %0.42
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-32016

    An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled content) via directory traversal, potentially leading to remo... Read more

    Affected Products : asset_management
    • EPSS Score: %0.81
    • Published: Aug. 03, 2021
    • Modified: May. 30, 2025
  • 9.9

    CRITICAL
    CVE-2021-32008

    This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories.... Read more

    Affected Products : gatemanager
    • EPSS Score: %0.68
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-30120

    Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- Duri... Read more

    Affected Products : vsa
    • EPSS Score: %0.19
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-27449

    Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server.... Read more

    Affected Products : amegaview
    • EPSS Score: %1.08
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2020-1112

    An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.... Read more

    • EPSS Score: %1.36
    • Published: May. 21, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292323 Results