Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.6

    CRITICAL
    CVE-2016-6658

    Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the ...

    • EPSS Score: %0.31
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2025-41420

    A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a use...

    Affected Products : avideo
    • Published: Jul. 24, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.6

    CRITICAL
    CVE-2024-11045

    A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on...

    Affected Products : stable-diffusion-webui
    • Published: Mar. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication
  • 9.6

    CRITICAL
    CVE-2025-3621

    Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.  * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use o...

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
  • 9.6

    CRITICAL
    CVE-2018-7360

    All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service....

    Affected Products : zxhn_f670_firmware zxhn_f670
    • EPSS Score: %0.10
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2018-18864

    Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed....

    Affected Products : enterprise_va_max
    • EPSS Score: %0.93
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2019-3709

    IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the conte...

    Affected Products : emc_isilonsd_management_server
    • EPSS Score: %0.54
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2019-15074

    The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is ...

    Affected Products : mantisbt
    • EPSS Score: %0.89
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2019-13364

    admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF....

    Affected Products : piwigo
    • EPSS Score: %0.30
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2019-13923

    A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a mal...

    • EPSS Score: %0.50
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2019-17330

    The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scri...

    Affected Products : ebx
    • EPSS Score: %0.30
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2019-15897

    beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks)....

    Affected Products : beegfs
    • EPSS Score: %0.18
    • Published: Dec. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2019-20374

    A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability ...

    Affected Products : linux_kernel macos typora
    • EPSS Score: %2.17
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2014-5039

    Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....

    Affected Products : eucalyptus_management_console
    • EPSS Score: %0.59
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-9758

    An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege es...

    Affected Products : livezilla
    • EPSS Score: %2.40
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-0872

    A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspe...

    Affected Products : application_inspector
    • EPSS Score: %4.01
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2019-19676

    A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. By entering formula code in the following columns: Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung, an attacker can create a user with a...

    Affected Products : arxes-tolina
    • EPSS Score: %0.44
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-14426

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 be...

    • EPSS Score: %0.10
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-14427

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 be...

    • EPSS Score: %0.10
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-14428

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 be...

    • EPSS Score: %0.19
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results