Latest CVE Feed
- 9.6 CRITICAL CVE-2023-4695
  Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. ...
  - EPSS Score: 0.09%
  - Published: Sep. 01, 2023
  - Modified: Nov. 21, 2024
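The pkp-lib entry above is a CWE-338 class bug: a token drawn from a seeded, non-cryptographic generator is only as secret as its seed. The following is an added example (not pkp-lib's code, and not the actual defect) showing why that matters: a constructed token issuer seeds Python's Mersenne Twister from a whole-second timestamp, an attacker who holds one token and knows roughly when the service started brute-forces the seed and predicts the next token; `secrets` is the fix. The timestamp, window and token length are assumptions for the demonstration.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


class WeakTokenIssuer:
    """Constructed weak design: seed Mersenne Twister once from a
    whole-second timestamp and draw every token from that one stream."""

    def __init__(self, seed_time):
        self.rng = random.Random(seed_time)

    def issue(self, length=16):
        return "".join(self.rng.choice(ALPHABET) for _ in range(length))


def recover_seed(observed, approx_time, window, length=16):
    """Search seeds within +/-window seconds of approx_time for the one whose
    first token equals the observed token. Returns None when no seed in the
    window reproduces it (which is what a CSPRNG-backed token looks like)."""
    for candidate in range(approx_time - window, approx_time + window + 1):
        if WeakTokenIssuer(candidate).issue(length) == observed:
            return candidate
    return None


def predict_following(seed, already_issued, length=16):
    """Replay the recovered stream past the tokens the server has already
    handed out and return the next one it will issue."""
    clone = WeakTokenIssuer(seed)
    for _ in range(already_issued):
        clone.issue(length)
    return clone.issue(length)


def strong_token(length=16):
    """Fix: draw from the OS CSPRNG; there is no seed to recover."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def demo():
    seed_time = 1_700_000_000            # constructed server start time
    server = WeakTokenIssuer(seed_time)
    leaked = server.issue()              # e.g. the attacker's own reset token
    # Attacker's estimate of the start time is 37 s off; a 60 s window covers it.
    seed = recover_seed(leaked, seed_time + 37, window=60)
    predicted = predict_following(seed, already_issued=1)
    actual = server.issue()              # token the server gives the victim
    return seed, predicted, actual
```

A 121-candidate search is instantaneous; even a seed with 32 bits of entropy falls to a few minutes of CPU, which is why the fix is a different generator rather than a better seed.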
- 9.6 CRITICAL CVE-2023-2746
  The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (...
  - Affected Products: enhanced_him
  - EPSS Score: 0.18%
  - Published: Jul. 11, 2023
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2023-30429
  Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS au...
  - Affected Products: pulsar
  - EPSS Score: 0.07%
  - Published: Jul. 12, 2023
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2023-52139
  Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4...
  - Affected Products: misskey
  - EPSS Score: 0.11%
  - Published: Dec. 29, 2023
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2024-40086
  A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. ...
  - Published: Oct. 21, 2024
  - Modified: Oct. 23, 2024
- 9.6 CRITICAL CVE-2022-37830
  Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). ...
  - Affected Products: webjet_cms
  - EPSS Score: 0.21%
  - Published: Oct. 19, 2023
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2024-22416
  pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibiliti...
  - EPSS Score: 5.90%
  - Published: Jan. 18, 2024
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2023-31403
  SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be ...
  - Affected Products: business_one
  - EPSS Score: 0.10%
  - Published: Nov. 14, 2023
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2024-44777
  A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. ...
  - Affected Products: vtiger_crm
  - Published: Aug. 29, 2024
  - Modified: Sep. 03, 2024
- 9.6 CRITICAL CVE-2022-38490
  An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. ...
  - Affected Products: service_manager
  - EPSS Score: 0.08%
  - Published: Jan. 10, 2023
  - Modified: Apr. 09, 2025
- 9.6 CRITICAL CVE-2024-22245
  Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting an...
  - Published: Feb. 20, 2024
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2024-23674
  The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources...
  - EPSS Score: 0.08%
  - Published: Feb. 15, 2024
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2024-7345
  Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release pla...
  - Affected Products: openedge
  - Published: Sep. 03, 2024
  - Modified: Sep. 05, 2024
- 9.6 CRITICAL CVE-2024-35225
  Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. Th...
  - Affected Products: jupyter_server_proxy
  - Published: Jun. 11, 2024
  - Modified: Apr. 10, 2025
- 9.6 CRITICAL CVE-2022-41937
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWik...
  - Affected Products: xwiki
  - EPSS Score: 2.34%
  - Published: Nov. 22, 2022
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2023-6753
  Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. ...
  - EPSS Score: 2.29%
  - Published: Dec. 13, 2023
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2024-36410
  SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix...
  - Affected Products: suitecrm
  - Published: Jun. 10, 2024
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2025-52553
  authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the...
  - Affected Products: authentik
  - Published: Jun. 27, 2025
  - Modified: Aug. 21, 2025
  - Vuln Type: Authorization
- 9.6 CRITICAL CVE-2025-24964
  Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking (CSWSH) attacks. When `api` option is...
  - Published: Feb. 04, 2025
  - Modified: Feb. 04, 2025
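Three entries in this feed are the same failure seen from different angles: the Rockwell Enhanced HIM entry (CORS settings that let a foreign origin drive an API), the pyLoad entry (state-changing API reachable over GET, session cookie without `SameSite`), and the Vitest entry (a WebSocket server that accepts a handshake from any page, i.e. CSWSH). The block below is an added example, not code from any of those projects, that audits the three conditions from response headers and shows the server-side Origin check that closes the WebSocket case. The header sets and cookie strings are constructed for illustration; the allowed-origin list is an assumption.

```python
from http.cookies import SimpleCookie

# Constructed response header sets (not captured from any real product).
CORS_REFLECTING = {                      # reflects whatever Origin was sent
    "Access-Control-Allow-Origin": "https://attacker.example",
    "Access-Control-Allow-Credentials": "true",
}
CORS_ALLOWLISTED = {                     # fixed trusted origin
    "Access-Control-Allow-Origin": "https://app.example",
    "Access-Control-Allow-Credentials": "true",
}


def check_cors(probe_origin, headers):
    """Findings for a response to a request sent with Origin: probe_origin,
    where probe_origin is a domain the application has no reason to trust."""
    findings = []
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return findings                  # no CORS grant at all: browser blocks reads
    if acao == probe_origin and creds:
        # Any site can now make credentialed calls and read the responses.
        findings.append("untrusted Origin reflected with Allow-Credentials: true")
    elif acao == "null" and creds:
        findings.append("'null' origin trusted with credentials (sandboxed iframes send it)")
    elif acao == "*" and creds:
        findings.append("'*' with credentials is rejected by browsers but shows a broken policy")
    return findings


def check_session_cookie(set_cookie, state_changing_get=False):
    """Findings for one Set-Cookie header. state_changing_get says whether
    the application performs actions on GET requests; if it does, even
    SameSite=Lax is not enough, because Lax cookies ride along on top-level
    GET navigations such as a link or a redirect."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    findings = []
    for name, morsel in jar.items():
        samesite = morsel["samesite"].lower()
        if samesite not in ("strict", "lax"):
            findings.append(f"{name}: no SameSite restriction; sent on cross-site requests")
        elif samesite == "lax" and state_changing_get:
            findings.append(f"{name}: SameSite=Lax still sent on top-level GET navigations")
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly")
    return findings


def websocket_upgrade_allowed(origin_header, allowed_origins, require_origin=False):
    """Server-side Origin check for a WebSocket handshake. A browser always
    sends Origin, so rejecting unknown origins stops CSWSH; non-browser
    clients send none, which require_origin decides whether to tolerate."""
    if origin_header is None:
        return not require_origin
    return origin_header in allowed_origins
```

Run the audit with an Origin you control against an authenticated endpoint: a reflected origin plus `Allow-Credentials: true`, or a session cookie that lacks `SameSite` on an API that acts on GET, is the condition the entries above describe, regardless of product.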
- 9.6 CRITICAL CVE-2019-8982
  com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. ...
  - Affected Products: wavemarker_studio
  - EPSS Score: 80.48%
  - Published: Feb. 21, 2019
  - Modified: Nov. 21, 2024