Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2024-41125

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 9.6

    CRITICAL
    CVE-2024-41662

    VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and executio... Read more

    Affected Products : vnote
    • Published: Jul. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-47534

    A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or command... Read more

    • Published: Mar. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-43261

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affects Compute Links: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Aug. 19, 2024
    • Modified: Aug. 19, 2024

  • 9.6

    CRITICAL
    CVE-2024-23617

    A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. ... Read more

    • EPSS Score: %2.38
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-51545

    Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from ... Read more

    Affected Products : job_manager_\&_career
    • EPSS Score: %0.20
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26299

    ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined roo... Read more

    Affected Products : ftp-srv
    • EPSS Score: %0.74
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-45654

    NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.... Read more

    Affected Products : xr1000_firmware xr1000
    • EPSS Score: %0.39
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-29168

    Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and... Read more

    Affected Products : wire-webapp
    • EPSS Score: %0.61
    • Published: Jun. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-38545

    Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products : valine
    • EPSS Score: %25.02
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-32771

    A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user... Read more

    Affected Products : avideo
    • EPSS Score: %10.58
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-33857

    An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.... Read more

    Affected Products : siem
    • Published: May. 07, 2024
    • Modified: Apr. 18, 2025

  • 9.6

    CRITICAL
    CVE-2024-41961

    Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft ... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Aug. 01, 2024

  • 9.6

    CRITICAL
    CVE-2020-13562

    A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL te... Read more

    Affected Products : openemr phpgacl
    • EPSS Score: %19.36
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-13563

    A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL tem... Read more

    Affected Products : openemr phpgacl
    • EPSS Score: %19.96
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-14442

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, R... Read more

    • EPSS Score: %1.54
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-47222

    An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in th... Read more

    Affected Products : media_streaming_add-on
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21248

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy cl... Read more

    Affected Products : onedev
    • EPSS Score: %0.43
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-32770

    A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user... Read more

    Affected Products : avideo
    • EPSS Score: %15.19
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-25067

    NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker.... Read more

    Affected Products : r8300_firmware r8300
    • EPSS Score: %1.54
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291513 Results