Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.6

    CRITICAL
    CVE-2023-35161

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to ... Read more

    Affected Products : xwiki
    • EPSS Score: %3.38
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-29996

    Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.... Read more

    Affected Products : marktext
    • EPSS Score: %2.37
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2024-32600

    Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5. ... Read more

    Affected Products : master_slider
    • Published: Apr. 18, 2024
    • Modified: May. 27, 2025
  • 9.6

    CRITICAL
    CVE-2024-46367

    A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is... Read more

    Affected Products : krayin_crm
    • Published: Sep. 27, 2024
    • Modified: Jul. 09, 2025
  • 9.6

    CRITICAL
    CVE-2020-26902

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25... Read more

    • EPSS Score: %1.77
    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-38055

    A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.... Read more

    Affected Products : easyappointments
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2022-47877

    A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.... Read more

    Affected Products : jedox
    • EPSS Score: %1.34
    • Published: May. 02, 2023
    • Modified: Jan. 30, 2025
  • 9.6

    CRITICAL
    CVE-2021-40909

    Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_c... Read more

    • EPSS Score: %1.40
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2018-1000639

    LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially cra... Read more

    Affected Products : latexdraw
    • EPSS Score: %0.32
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-28149

    myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.... Read more

    Affected Products : mydbr
    • EPSS Score: %0.34
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2022-25069

    Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js.... Read more

    Affected Products : marktext
    • EPSS Score: %1.34
    • Published: Mar. 05, 2022
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-32454

    SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.... Read more

    • EPSS Score: %0.09
    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2024-23629

    An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. ... Read more

    Affected Products : mr2600_firmware mr2600
    • EPSS Score: %0.06
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-1264

    A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exp... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.91
    • Published: Jan. 20, 2021
    • Modified: Jul. 23, 2025
  • 9.6

    CRITICAL
    CVE-2023-0397

    A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.... Read more

    Affected Products : zephyr
    • EPSS Score: %0.03
    • Published: Jan. 19, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-49657

    A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. ... Read more

    Affected Products : superset
    • EPSS Score: %0.23
    • Published: Jan. 23, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2022-30690

    A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to s... Read more

    Affected Products : avideo
    • EPSS Score: %15.14
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-14429

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.... Read more

    • EPSS Score: %0.24
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2024-36409

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.... Read more

    Affected Products : suitecrm
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2015-7939

    Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.... Read more

    Affected Products : visilogic_oplc_ide
    • EPSS Score: %1.07
    • Published: Jan. 09, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291513 Results