Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.6 CRITICAL
    CVE-2021-45626
    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK20 before 2.6.1.36, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2...
    • EPSS Score: 0.51%
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2021-45628
    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR85...
    • EPSS Score: 0.76%
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2020-12076
    The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS.
    Affected Products: data_tables_generator
    • EPSS Score: 0.11%
    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2022-41924
    A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TC...
    Affected Products: windows tailscale
    • EPSS Score: 50.81%
    • Published: Nov. 23, 2022
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2023-28102
    discordrb is an implementation of the Discord API using Ruby. In discordrb before commit `91e13043ffa` the `encoder.rb` file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to comman...
    Affected Products: discordrb
    • EPSS Score: 0.82%
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2023-28838
    GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some...
    Affected Products: glpi
    • EPSS Score: 0.36%
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2020-23718
    Cross-site scripting (XSS) vulnerability in xujinliang zibbs 1.0 allows attackers to execute arbitrary code via the route parameter to index.php.
    Affected Products: zibbs
    • EPSS Score: 0.73%
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2020-24374
    A DNS rebinding vulnerability in Freebox v5 before 1.5.29.
    Affected Products: freebox_hd_firmware freebox_hd
    • EPSS Score: 0.48%
    • Published: Sep. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2023-32680
    Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database, but affected versions of Metabase didn't enforce that requirem...
    Affected Products: metabase
    • EPSS Score: 0.14%
    • Published: May 18, 2023
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2022-42967
    Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution.
    Affected Products: caret
    • EPSS Score: 0.11%
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2023-42627
    Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML v...
    • EPSS Score: 0.16%
    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2020-26905
    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 b...
    • EPSS Score: 0.15%
    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2023-28727
    Panasonic AiSEG2 versions 2.00J through 2.93A allow adjacent attackers to bypass authentication due to mishandling of X-Forwarded-For headers.
    Affected Products: aiseg2_firmware aiseg2
    • EPSS Score: 0.01%
    • Published: Mar. 31, 2023
    • Modified: Feb. 12, 2025
  • 9.6 CRITICAL
    CVE-2023-51633
    Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specifi...
    Affected Products: centreon centreon_web
    • Published: May 03, 2024
    • Modified: Nov. 25, 2024
  • 9.6 CRITICAL
    CVE-2022-3708
    The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API endpoint. This makes...
    Affected Products: web_stories
    • EPSS Score: 0.35%
    • Published: Oct. 28, 2022
    • Modified: May 05, 2025
  • 9.6 CRITICAL
    CVE-2021-24814
    The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properl...
    Affected Products: wordpress_gdpr&ccpa
    • EPSS Score: 17.23%
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2024-40643
    Joplin is a free, open source note-taking and to-do application. Joplin fails to take into account that "<" followed by a non-letter character will not be considered HTML. As such it is possible to perform an XSS by putting an "illegal" tag within a tag.
    Affected Products: joplin
    • Published: Sep. 09, 2024
    • Modified: Sep. 17, 2024
  • 9.6 CRITICAL
    CVE-2022-0153
    SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.
    Affected Products: fork_cms
    • EPSS Score: 0.26%
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2019-6740
    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that...
    Affected Products: galaxy_s9_firmware galaxy_s9
    • EPSS Score: 1.55%
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024
  • 9.6 CRITICAL
    CVE-2024-22718
    Cross-site scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL.
    Affected Products: form_tools
    • Published: Apr. 11, 2024
    • Modified: Apr. 08, 2025
Showing 20 of 291,384 results