Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-38197

    unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.

    Affected Products : go-unarr
    • EPSS Score: %0.87
    • Published: Aug. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-23420

    This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.

    Affected Products : codeception
    • EPSS Score: %0.58
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-6240

    Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, e...

    Affected Products : parallels_desktop
    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-36532

    Insecure permissions in kruise v1.6.2 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.

    Affected Products : kruise
    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-20509

    IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.

    • EPSS Score: %0.41
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-37228

    Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection. This issue affects InstaWP Connect: from n/a through 0.1.0.38.

    Affected Products : instawp_connect
    • Published: Jun. 24, 2024
    • Modified: Feb. 06, 2025
  • 10.0

    CRITICAL
    CVE-2023-50029

    PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method.

    Affected Products :
    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-6297

    Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is use...

    Affected Products : social_warfare
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-18758

    An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.

    Affected Products : mac1100_plc_firmware mac1100_plc
    • EPSS Score: %1.18
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-32588

    A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploadi...

    Affected Products : fortiportal
    • EPSS Score: %31.04
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-38513

    Fiber is an Express-inspired web framework written in Go. A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in ...

    Affected Products : fiber
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15744

    Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions.

    Affected Products : pc420_firmware pc420
    • EPSS Score: %0.37
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-1946

    Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

    • EPSS Score: %0.22
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-37181

    A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All ve...

    • EPSS Score: %1.10
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-1976

    A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Weara...

    • EPSS Score: %0.28
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-40628

    JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible pl...

    Affected Products : jumpserver
    • Published: Jul. 18, 2024
    • Modified: Mar. 25, 2025
  • 10.0

    CRITICAL
    CVE-2020-26301

    ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library ca...

    Affected Products : windows ssh2
    • EPSS Score: %5.07
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-2807

    ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.

    Affected Products : speedy_asp_discussion_forum
    • EPSS Score: %3.74
    • Published: Jun. 05, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2021-34730

    A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, ...

    • EPSS Score: %35.78
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-23857

    Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.

    • EPSS Score: %0.44
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290958 Results