Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2023-7012

    Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Mediu... Read more

    Affected Products : chrome
    • Published: Jul. 16, 2024
    • Modified: Dec. 26, 2024

  • 9.6

    CRITICAL
    CVE-2024-5619

    Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apinizer Management Console: before 2024.05.1.... Read more

    Affected Products :
    • Published: Jul. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-41127

    Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-... Read more

    Affected Products : monkeytype
    • Published: Aug. 02, 2024
    • Modified: Sep. 11, 2024

  • 9.6

    CRITICAL
    CVE-2024-6522

    The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level acces... Read more

    • Published: Aug. 07, 2024
    • Modified: Mar. 01, 2025

  • 9.6

    CRITICAL
    CVE-2024-38175

    An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.... Read more

    • Published: Aug. 20, 2024
    • Modified: Jan. 29, 2025

  • 9.6

    CRITICAL
    CVE-2024-44779

    A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products : vtiger_crm
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024

  • 9.6

    CRITICAL
    CVE-2022-30584

    Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4... Read more

    Affected Products : archer
    • EPSS Score: %0.50
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-26636

    Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.... Read more

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.76
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2016-1524

    Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, a... Read more

    • EPSS Score: %68.17
    • Published: Feb. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2022-31105

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or ... Read more

    Affected Products : argo-cd argo_cd
    • EPSS Score: %0.24
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-14431

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 be... Read more

    • EPSS Score: %0.20
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-24023

    A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerabil... Read more

    • EPSS Score: %0.12
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-2733

    Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.... Read more

    Affected Products : openemr
    • EPSS Score: %88.19
    • Published: Aug. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-2485

    Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.... Read more

    • EPSS Score: %0.10
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-38339

    Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.... Read more

    Affected Products : fme_server
    • EPSS Score: %0.57
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-8976

    The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and tri... Read more

    • EPSS Score: %0.25
    • Published: Oct. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2025-25022

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 9.6

    CRITICAL
    CVE-2025-6514

    mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 9.6

    CRITICAL
    CVE-2021-21802

    This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.... Read more

    Affected Products : r-seenet
    • EPSS Score: %75.25
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-28813

    A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the ... Read more

    • EPSS Score: %0.38
    • Published: Sep. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291773 Results