Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-45682

    An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations.... Read more

    Affected Products : bronzedb-protocol
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45693

    An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.... Read more

    Affected Products : messagepack-rs
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45697

    An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result.... Read more

    Affected Products : molecule
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45709

    An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur.... Read more

    Affected Products : crypto2
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43857

    Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.... Read more

    Affected Products : gerapy
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21238

    An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.... Read more

    Affected Products : cscms
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-20082

    ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.... Read more

    Affected Products : rt-n53_firmware rt-n53
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7615

    A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack... Read more

    Affected Products : fh1206_firmware fh1206
    • Published: Aug. 12, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22847

    Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication).... Read more

    Affected Products : lasernet
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7078

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue affects Semtek Sempos: through 31072024.... Read more

    Affected Products : semtek_sempos
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 9.8

    CRITICAL
    CVE-2022-22989

    My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues. ... Read more

    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34993

    This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The is... Read more

    Affected Products : commcell commvault
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38682

    A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following ver... Read more

    Affected Products : qvr_elite qvr_guard qvr_pro
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38690

    A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following ver... Read more

    Affected Products : qvr_elite qvr_guard qvr_pro
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38691

    A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following ver... Read more

    Affected Products : qvr_elite qvr_guard qvr_pro
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8569

    A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file user-login.php. The manipulation of the argument username leads to sql inject... Read more

    • Published: Sep. 08, 2024
    • Modified: Sep. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-6924

    The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.... Read more

    Affected Products : truebooker
    • Published: Sep. 08, 2024
    • Modified: Sep. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-44849

    Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.... Read more

    Affected Products : qualitor
    • Published: Sep. 09, 2024
    • Modified: Jul. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-39581

    Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbit... Read more

    Affected Products : insightiq
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024

  • 9.8

    CRITICAL
    CVE-2023-37226

    Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: May. 29, 2025
Showing 20 of 293612 Results