Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-22730

    A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prio... Read more

    • EPSS Score: %0.35
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-26606

    A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HT... Read more

    Affected Products : windows magicline4nx.exe
    • EPSS Score: %0.36
    • Published: Aug. 06, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-34990

    In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFro... Read more

    Affected Products :
    • Published: Jun. 19, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-36679

    In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::saveTranslations()` suffer of a white writer that can inject PHP code into a PHP file.... Read more

    Affected Products :
    • Published: Jun. 19, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38197

    unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.... Read more

    Affected Products : go-unarr
    • EPSS Score: %0.87
    • Published: Aug. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-23420

    This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.... Read more

    Affected Products : codeception
    • EPSS Score: %0.58
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-6240

    Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, e... Read more

    Affected Products : parallels_desktop
    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-36532

    Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : kruise
    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-20509

    IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.... Read more

    • EPSS Score: %0.76
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-37228

    Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38.... Read more

    Affected Products : instawp_connect
    • Published: Jun. 24, 2024
    • Modified: Feb. 06, 2025

  • 10.0

    CRITICAL
    CVE-2023-50029

    PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method.... Read more

    Affected Products :
    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-6297

    Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is use... Read more

    Affected Products : social_warfare
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-18758

    An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.... Read more

    Affected Products : mac1100_plc_firmware mac1100_plc
    • EPSS Score: %0.90
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-32588

    A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploadi... Read more

    Affected Products : fortiportal
    • EPSS Score: %31.04
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-38513

    Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in ... Read more

    Affected Products : fiber
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15744

    Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions.... Read more

    Affected Products : pc420_firmware pc420
    • EPSS Score: %0.37
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-1946

    Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile... Read more

    • EPSS Score: %0.22
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-37181

    A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All ve... Read more

    • EPSS Score: %1.10
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-1976

    A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Weara... Read more

    • EPSS Score: %0.28
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-40628

    JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible pl... Read more

    Affected Products : jumpserver
    • Published: Jul. 18, 2024
    • Modified: Mar. 25, 2025
Showing 20 of 291564 Results