Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2024-49038

    Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.... Read more

    Affected Products : copilot_studio
    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.6

    CRITICAL
    CVE-2022-38193

    There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution.... Read more

    Affected Products : portal_for_arcgis
    • EPSS Score: %1.65
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-26842

    A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an a... Read more

    Affected Products : avideo
    • EPSS Score: %6.20
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-32772

    A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user... Read more

    Affected Products : avideo
    • EPSS Score: %8.26
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2025-47777

    5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to ... Read more

    Affected Products :
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2022-31149

    ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should ... Read more

    Affected Products : activitywatch
    • EPSS Score: %0.14
    • Published: Sep. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-46733

    Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary commands. ... Read more

    Affected Products : real-time_location_system_studio
    • EPSS Score: %0.05
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-25168

    Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to u... Read more

    Affected Products : wings
    • EPSS Score: %0.24
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-19825

    Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.... Read more

    Affected Products : kimai
    • EPSS Score: %0.39
    • Published: Feb. 15, 2023
    • Modified: Mar. 19, 2025

  • 9.6

    CRITICAL
    CVE-2021-33387

    Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request.... Read more

    Affected Products : minicms
    • EPSS Score: %0.10
    • Published: Feb. 24, 2023
    • Modified: Mar. 12, 2025

  • 9.6

    CRITICAL
    CVE-2022-42447

    HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. ... Read more

    Affected Products : hcl_compass
    • EPSS Score: %0.52
    • Published: Apr. 02, 2023
    • Modified: Feb. 19, 2025

  • 9.6

    CRITICAL
    CVE-2023-33965

    Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to r... Read more

    Affected Products : brook
    • EPSS Score: %6.33
    • Published: Jun. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-1895

    The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions ... Read more

    Affected Products : getwid_-_gutenberg_blocks getwid
    • EPSS Score: %0.17
    • Published: Jun. 09, 2023
    • Modified: Nov. 25, 2024

  • 9.6

    CRITICAL
    CVE-2023-0971

    A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.... Read more

    Affected Products : z\/ip_gateway_sdk
    • EPSS Score: %0.01
    • Published: Jun. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-35156

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the delete template to perform... Read more

    Affected Products : xwiki
    • EPSS Score: %9.28
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-35162

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the previewactions template to... Read more

    Affected Products : xwiki
    • EPSS Score: %3.38
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-37262

    CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft s... Read more

    Affected Products : cc-tweaked
    • EPSS Score: %0.15
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-37277

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipart/form-data` or `application/www-form-urlencoded` as co... Read more

    Affected Products : xwiki
    • EPSS Score: %2.26
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-33242

    Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption ... Read more

    Affected Products : lindell17
    • EPSS Score: %4.64
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-15758

    Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attack... Read more

    Affected Products : spring_security_oauth
    • EPSS Score: %0.40
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291570 Results