Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-44347

    SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php.... Read more

    Affected Products : tuzicms tuzicms
    • Published: Dec. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36564

    ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php.... Read more

    Affected Products : thinkphp
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40091

    An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.... Read more

    Affected Products : squaredup
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44677

    An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP serv... Read more

    Affected Products : enterprise_vault
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3815

    utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')... Read more

    Affected Products : utils.js
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3817

    wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command... Read more

    Affected Products : wbce_cms
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42099

    Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.... Read more

    Affected Products : manageengine_m365_manager_plus
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23700

    All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function.... Read more

    Affected Products : merge-deep2
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44833

    The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.... Read more

    Affected Products : opensearch aws_opensearch
    • Published: Dec. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41844

    Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.... Read more

    Affected Products : jetengine
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43225

    Bot Framework SDK Remote Code Execution Vulnerability... Read more

    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44653

    Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the applic... Read more

    Affected Products : online_magazine_management_system
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-32665

    In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue I... Read more

    • Published: Jan. 03, 2023
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2021-4119

    bookstack is vulnerable to Improper Access Control... Read more

    Affected Products : bookstack
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44525

    Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.... Read more

    Affected Products : manageengine_pam360
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7631

    Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication.... Read more

    Affected Products : epicentro
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40418

    When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction ... Read more

    Affected Products : davinci_resolve
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45627

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.... Read more

    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-25024

    An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.... Read more

    Affected Products : actix-web
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-36513

    An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.... Read more

    Affected Products : acc_reader
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293609 Results