Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.6

    CRITICAL
    CVE-2021-44458

    Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attac...

    Affected Products : linux_kernel lens
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2017-3882

    A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote co...

    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025
  • 9.6

    CRITICAL
    CVE-2021-44749

    A vulnerability affecting F-Secure SAFE browser protection was discovered: improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation....

    Affected Products : safe
    • Published: Mar. 06, 2022
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-46732

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping....

    Affected Products : xwiki
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-46242

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute content with the rights of any user via a crafted URL. A user must have `programming` privileges in ord...

    Affected Products : xwiki
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-36019

    Microsoft Power Platform Connector Spoofing Vulnerability...

    Affected Products : azure_logic_apps power_platform
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-29050

    The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and pote...

    Affected Products : open-xchange_appsuite ox_app_suite
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2024-25147

    Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attack...

    • Published: Feb. 21, 2024
    • Modified: Jan. 28, 2025
  • 9.6

    CRITICAL
    CVE-2024-26269

    Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote atta...

    • Published: Feb. 21, 2024
    • Modified: Jan. 28, 2025
  • 9.6

    CRITICAL
    CVE-2020-35124

    A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads....

    Affected Products : mautic
    • Published: Jan. 28, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-32692

    Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visit...

    Affected Products : macos activitywatch
    • Published: Dec. 23, 2022
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-32853

    Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from maliciou...

    Affected Products : erxes
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-3329

    Lack of proper validation in HCI Host stack initialization can cause a crash of the Bluetooth stack...

    Affected Products : zephyr
    • Published: Feb. 26, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-28131

    A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicio...

    Affected Products : expo_software_development_kit
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025
  • 9.6

    CRITICAL
    CVE-2023-21516

    XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute JavaScript API to install APK from Galaxy Store....

    Affected Products : galaxy_store
    • Published: May. 26, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-23482

    IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the v...

    • Published: Jun. 08, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-3973

    Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3....

    Affected Products : drawio
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-33241

    Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementat...

    Affected Products : gg18 gg20
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2022-29887

    Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access....

    Affected Products : manageability_commander
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-27515

    Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow an unauthenticated user to potentially enable escalation of privilege via network access....

    Affected Products : driver_&_support_assistant
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results