Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-5069

    A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id lead... Read more

    • Published: May. 17, 2024
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2021-31251

    An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker ... Read more

    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15007

    A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulatio... Read more

    • Published: Jan. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25948

    Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.... Read more

    Affected Products : expand-hash
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-23323

    There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.... Read more

    Affected Products : jerryscript
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25383

    An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.... Read more

    Affected Products : android dex
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21795

    A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an integer overflow that, in turn, leads to a heap buffer overflow. An attacker can... Read more

    Affected Products : imagegear
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32682

    elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder P... Read more

    Affected Products : elfinder
    • Published: Jun. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-29214

    SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php.... Read more

    Affected Products : alumni_management_system
    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27388

    SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modific... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33622

    Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.... Read more

    Affected Products : singularity singularitypro
    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32928

    The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close P... Read more

    Affected Products : sentinel_ldk_run-time_environment
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22209

    SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.... Read more

    Affected Products : 74cms
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22211

    SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.... Read more

    Affected Products : 74cms
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21282

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. T... Read more

    Affected Products : contiki-ng
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21280

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfor... Read more

    Affected Products : contiki-ng
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-0516

    In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi... Read more

    Affected Products : android
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-1435

    Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector.... Read more

    Affected Products : joomla\!
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51637

    Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vu... Read more

    Affected Products : sante_pacs_server
    • Published: May. 22, 2024
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-4099

    The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection... Read more

    Affected Products : joy_of_text_lite joy_of_text
    • Published: Jan. 02, 2023
    • Modified: Apr. 10, 2025
Showing 20 of 293604 Results