Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2024-0550

    A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissio... Read more

    Affected Products : anythingllm
    • Published: Feb. 28, 2024
    • Modified: Jan. 10, 2025

  • 9.6

    CRITICAL
    CVE-2020-35124

    A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.... Read more

    Affected Products : mautic
    • EPSS Score: %1.14
    • Published: Jan. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-32692

    Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visit... Read more

    Affected Products : macos activitywatch
    • EPSS Score: %0.06
    • Published: Dec. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2017-2792

    An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can p... Read more

    Affected Products : marklogic
    • EPSS Score: %0.65
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-3679

    Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.... Read more

    Affected Products : data_center_manager
    • EPSS Score: %0.38
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2015-10073

    A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument conten... Read more

    Affected Products : wikiseo
    • EPSS Score: %0.13
    • Published: Feb. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2017-14443

    An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole ... Read more

    Affected Products : hub_2245-222_firmware hub_2245-222
    • EPSS Score: %0.62
    • Published: Sep. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-32853

    Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from maliciou... Read more

    Affected Products : erxes
    • EPSS Score: %85.50
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-3329

    Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack... Read more

    Affected Products : zephyr
    • EPSS Score: %0.05
    • Published: Feb. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-19947

    Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage.... Read more

    Affected Products : markdown_edit
    • EPSS Score: %0.37
    • Published: Mar. 16, 2023
    • Modified: Feb. 26, 2025

  • 9.6

    CRITICAL
    CVE-2023-28131

    A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicio... Read more

    Affected Products : expo_software_development_kit
    • EPSS Score: %0.95
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025

  • 9.6

    CRITICAL
    CVE-2023-31126

    `org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes... Read more

    Affected Products : xwiki
    • EPSS Score: %3.27
    • Published: May. 09, 2023
    • Modified: Jan. 28, 2025

  • 9.6

    CRITICAL
    CVE-2017-11309

    Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.... Read more

    Affected Products : ip_office
    • EPSS Score: %28.59
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2023-21516

    XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.... Read more

    Affected Products : galaxy_store
    • EPSS Score: %0.36
    • Published: May. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-23482

    IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the v... Read more

    • EPSS Score: %0.05
    • Published: Jun. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-3973

    Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.... Read more

    Affected Products : drawio
    • EPSS Score: %0.07
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-39007

    /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.... Read more

    Affected Products : opnsense
    • EPSS Score: %43.90
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-33241

    Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementat... Read more

    Affected Products : gg18 gg20
    • EPSS Score: %0.15
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-29887

    Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more

    Affected Products : manageability_commander
    • EPSS Score: %0.52
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-27515

    Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access.... Read more

    Affected Products : driver_\&_support_assistant
    • EPSS Score: %0.37
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291419 Results