Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-36986

    There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.... Read more

    Affected Products : emui magic_ui
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36548

    A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.... Read more

    Affected Products : monstra
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41646

    Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..... Read more

    Affected Products : online_reviewer_system
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41194

    FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to an... Read more

    Affected Products : first_use_authenticator
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-36377

    An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.... Read more

    Affected Products : aaptjs
    • Published: Oct. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-36378

    An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.... Read more

    Affected Products : aaptjs
    • Published: Oct. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-36381

    An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.... Read more

    Affected Products : aaptjs
    • Published: Oct. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26739

    SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.... Read more

    Affected Products : doyocms doyocms
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-6416

    An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.... Read more

    Affected Products : sysgauge
    • Published: Mar. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7780

    SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.... Read more

    Affected Products : exponent_cms
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7784

    SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.... Read more

    Affected Products : exponent_cms
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-24000

    SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.... Read more

    Affected Products : eyoucms
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23509

    This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.... Read more

    Affected Products : json-ptr
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25508

    Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.... Read more

    Affected Products : smartthings
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28023

    Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.... Read more

    Affected Products : servicetonic
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43200

    In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.... Read more

    Affected Products : teamcity
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-23874

    pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode.... Read more

    Affected Products : pdf2xml
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43573

    A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.... Read more

    Affected Products : rtl8195am_firmware rtl8195am
    • Published: Nov. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43272

    An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage th... Read more

    Affected Products : oda_viewer
    • Published: Nov. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41765

    A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of... Read more

    Affected Products : resourcespace
    • Published: Nov. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293306 Results