Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2024-34070

    Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malic... Read more

    Affected Products : froxlor
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-2361

    A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the `install_model()` function within `lollms_core/lollms/binding.py`, where... Read more

    • Published: May. 16, 2024
    • Modified: Jul. 09, 2025

  • 9.6

    CRITICAL
    CVE-2024-35592

    An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products :
    • Published: May. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-3149

    A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless b... Read more

    Affected Products : anythingllm
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-36411

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix fo... Read more

    Affected Products : suitecrm
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21800

    Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted us... Read more

    Affected Products : r-seenet
    • EPSS Score: %72.46
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-54372

    Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.6

    CRITICAL
    CVE-2024-23997

    Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.... Read more

    Affected Products : yana
    • Published: Jul. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-23998

    goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue.... Read more

    Affected Products : another_redis_desktop_manager
    • Published: Jul. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-41603

    Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout.... Read more

    Affected Products : spina
    • Published: Jul. 19, 2024
    • Modified: May. 29, 2025

  • 9.6

    CRITICAL
    CVE-2021-38480

    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the... Read more

    Affected Products : ir615_firmware ir615
    • EPSS Score: %0.09
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-20982

    Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.... Read more

    Affected Products : wdja_cms
    • EPSS Score: %35.60
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-36779

    A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.... Read more

    Affected Products : longhorn
    • EPSS Score: %0.05
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-45632

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and ... Read more

    • EPSS Score: %0.56
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-20658

    A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges... Read more

    • EPSS Score: %0.26
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-40087

    Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router.... Read more

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.6

    CRITICAL
    CVE-2023-29118

    Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 9.6

    CRITICAL
    CVE-2024-52402

    Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 9.6

    CRITICAL
    CVE-2024-52401

    Cross-Site Request Forgery (CSRF) vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through 2.1.4.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 20, 2024

  • 9.6

    CRITICAL
    CVE-2024-6246

    Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not requ... Read more

    Affected Products : cam_v3_firmware cam_v3
    • Published: Nov. 22, 2024
    • Modified: Aug. 08, 2025
Showing 20 of 292508 Results