Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2023-37293

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. ... Read more

    Affected Products : megarac_sp-x megarac_spx
    • EPSS Score: %0.04
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-48728

    A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a us... Read more

    Affected Products : avideo
    • EPSS Score: %18.42
    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-21639

    CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read out... Read more

    Affected Products : chromium_embedded_framework
    • EPSS Score: %0.21
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-25145

    Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and... Read more

    • EPSS Score: %0.15
    • Published: Feb. 07, 2024
    • Modified: May. 13, 2025

  • 9.6

    CRITICAL
    CVE-2024-24276

    Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components.... Read more

    Affected Products : teamwire
    • Published: Mar. 05, 2024
    • Modified: Mar. 27, 2025

  • 9.6

    CRITICAL
    CVE-2024-31988

    XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user... Read more

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 09, 2025

  • 9.6

    CRITICAL
    CVE-2024-28878

    IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-33913

    Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.This issue affects Xserver Migrator: from n/a through 1.6.1. ... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-3166

    A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed... Read more

    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-36408

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issu... Read more

    Affected Products : suitecrm
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-38293

    ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.... Read more

    Affected Products : alcasar
    • Published: Jun. 13, 2024
    • Modified: Jun. 18, 2025

  • 9.6

    CRITICAL
    CVE-2024-40618

    Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.... Read more

    Affected Products : whale_browser
    • Published: Jul. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-7012

    Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Mediu... Read more

    Affected Products : chrome
    • Published: Jul. 16, 2024
    • Modified: Dec. 26, 2024

  • 9.6

    CRITICAL
    CVE-2024-5619

    Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apinizer Management Console: before 2024.05.1.... Read more

    Affected Products :
    • Published: Jul. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-41127

    Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-... Read more

    Affected Products : monkeytype
    • Published: Aug. 02, 2024
    • Modified: Sep. 11, 2024

  • 9.6

    CRITICAL
    CVE-2024-44779

    A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products : vtiger_crm
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024

  • 9.6

    CRITICAL
    CVE-2022-30584

    Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4... Read more

    Affected Products : archer
    • EPSS Score: %0.50
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-26636

    Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.... Read more

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.76
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2016-1524

    Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, a... Read more

    • EPSS Score: %68.17
    • Published: Feb. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2022-24023

    A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerabil... Read more

    • EPSS Score: %0.12
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292719 Results