Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2024-52402

    Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 9.6

    CRITICAL
    CVE-2024-52401

    Cross-Site Request Forgery (CSRF) vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through 2.1.4.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 20, 2024

  • 9.6

    CRITICAL
    CVE-2024-6246

    Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not requ... Read more

    Affected Products : cam_v3_firmware cam_v3
    • Published: Nov. 22, 2024
    • Modified: Aug. 08, 2025

  • 9.6

    CRITICAL
    CVE-2022-1883

    SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.... Read more

    Affected Products : terraboard
    • EPSS Score: %64.92
    • Published: May. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-49038

    Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.... Read more

    Affected Products : copilot_studio
    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.6

    CRITICAL
    CVE-2022-38193

    There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution.... Read more

    Affected Products : portal_for_arcgis
    • EPSS Score: %0.62
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-26842

    A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an a... Read more

    Affected Products : avideo
    • EPSS Score: %6.20
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-32772

    A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user... Read more

    Affected Products : avideo
    • EPSS Score: %8.26
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-31149

    ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should ... Read more

    Affected Products : activitywatch
    • EPSS Score: %0.14
    • Published: Sep. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-33965

    Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to r... Read more

    Affected Products : brook
    • EPSS Score: %6.33
    • Published: Jun. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-1895

    The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions ... Read more

    Affected Products : getwid_-_gutenberg_blocks getwid
    • EPSS Score: %0.17
    • Published: Jun. 09, 2023
    • Modified: Nov. 25, 2024

  • 9.6

    CRITICAL
    CVE-2023-0971

    A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.... Read more

    Affected Products : z\/ip_gateway_sdk
    • EPSS Score: %0.01
    • Published: Jun. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-35156

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the delete template to perform... Read more

    Affected Products : xwiki
    • EPSS Score: %9.28
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-37262

    CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft s... Read more

    Affected Products : cc-tweaked
    • EPSS Score: %0.15
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-37277

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipart/form-data` or `application/www-form-urlencoded` as co... Read more

    Affected Products : xwiki
    • EPSS Score: %2.26
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-33242

    Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption ... Read more

    Affected Products : lindell17
    • EPSS Score: %4.64
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-38888

    Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInj... Read more

    Affected Products : dolibarr_erp\/crm
    • EPSS Score: %3.04
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-41679

    An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device ... Read more

    Affected Products : fortimanager
    • EPSS Score: %0.19
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2025-30223

    Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows atta... Read more

    Affected Products : beego
    • Published: Mar. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2023-44311

    Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers ... Read more

    • EPSS Score: %0.15
    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292725 Results