Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2023-44311

    Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers ... Read more

    • EPSS Score: %0.15
    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-5212

    The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the s... Read more

    Affected Products : ai_chatbot wpbot
    • EPSS Score: %0.31
    • Published: Oct. 19, 2023
    • Modified: May. 12, 2025

  • 9.6

    CRITICAL
    CVE-2023-41895

    Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the `redirect_uri` and `client_id` parameters. Although the `redirect_u... Read more

    Affected Products : home-assistant
    • EPSS Score: %0.42
    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-41897

    Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating header... Read more

    Affected Products : home-assistant
    • EPSS Score: %2.70
    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-45136

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.... Read more

    Affected Products : xwiki
    • EPSS Score: %60.17
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-5820

    The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to ... Read more

    Affected Products : thumbnail_slider_with_lightbox
    • EPSS Score: %0.10
    • Published: Oct. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2025-32496

    Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload a Web Shell to a Web Server. This issue affects Ultra Demo Importer: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.6

    CRITICAL
    CVE-2017-15402

    Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had comp... Read more

    Affected Products : chrome chrome_os
    • EPSS Score: %0.38
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2017-15655

    Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the ... Read more

    Affected Products : asuswrt
    • EPSS Score: %1.44
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-11314

    The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.... Read more

    Affected Products : roku_firmware roku
    • EPSS Score: %0.48
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-24377

    A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.... Read more

    • EPSS Score: %0.48
    • Published: Sep. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26290

    Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with ... Read more

    Affected Products : dex
    • EPSS Score: %0.50
    • Published: Dec. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26574

    Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can b... Read more

    Affected Products : connection_broker
    • EPSS Score: %3.09
    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26904

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 b... Read more

    • EPSS Score: %0.10
    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-6159

    A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code t... Read more

    • EPSS Score: %0.45
    • Published: Aug. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-27224

    In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.... Read more

    Affected Products : theia
    • EPSS Score: %0.53
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-14430

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 be... Read more

    • EPSS Score: %0.10
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-14439

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, R... Read more

    • EPSS Score: %0.79
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-29459

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered us... Read more

    Affected Products : xwiki
    • EPSS Score: %0.42
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-3892

    An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traf... Read more

    • EPSS Score: %1.61
    • Published: Nov. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291513 Results