Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2023-51633

    Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specifi... Read more

    Affected Products : centreon centreon_web
    • Published: May. 03, 2024
    • Modified: Nov. 25, 2024

  • 9.6

    CRITICAL
    CVE-2022-3708

    The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes... Read more

    Affected Products : web_stories
    • EPSS Score: %0.35
    • Published: Oct. 28, 2022
    • Modified: May. 05, 2025

  • 9.6

    CRITICAL
    CVE-2021-24814

    The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properl... Read more

    Affected Products : wordpress_gdpr\&ccpa
    • EPSS Score: %17.23
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-40643

    Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag.... Read more

    Affected Products : joplin
    • Published: Sep. 09, 2024
    • Modified: Sep. 17, 2024

  • 9.6

    CRITICAL
    CVE-2022-0153

    SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.... Read more

    Affected Products : fork_cms
    • EPSS Score: %0.26
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-6740

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that... Read more

    Affected Products : galaxy_s9_firmware galaxy_s9
    • EPSS Score: %1.55
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-22718

    Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL.... Read more

    Affected Products : form_tools
    • Published: Apr. 11, 2024
    • Modified: Apr. 08, 2025

  • 9.6

    CRITICAL
    CVE-2024-28740

    Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.... Read more

    Affected Products : koha
    • Published: Aug. 06, 2024
    • Modified: Aug. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-34716

    PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the c... Read more

    Affected Products : prestashop
    • Published: May. 14, 2024
    • Modified: Jan. 21, 2025

  • 9.6

    CRITICAL
    CVE-2024-7568

    The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthen... Read more

    Affected Products : favicon_generator
    • Published: Aug. 24, 2024
    • Modified: Sep. 27, 2024

  • 9.6

    CRITICAL
    CVE-2024-7982

    The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.... Read more

    • Published: Nov. 08, 2024
    • Modified: May. 15, 2025

  • 9.6

    CRITICAL
    CVE-2024-34359

    llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several parameters to conf... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-23719

    Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.... Read more

    Affected Products : zibbs
    • EPSS Score: %0.73
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-35161

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to ... Read more

    Affected Products : xwiki
    • EPSS Score: %3.38
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-29996

    Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.... Read more

    Affected Products : marktext
    • EPSS Score: %2.37
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-32600

    Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5. ... Read more

    Affected Products : master_slider
    • Published: Apr. 18, 2024
    • Modified: May. 27, 2025

  • 9.6

    CRITICAL
    CVE-2024-46367

    A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is... Read more

    Affected Products : krayin_crm
    • Published: Sep. 27, 2024
    • Modified: Jul. 09, 2025

  • 9.6

    CRITICAL
    CVE-2020-26902

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25... Read more

    • EPSS Score: %1.77
    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-38055

    A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.... Read more

    Affected Products : easyappointments
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-47877

    A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.... Read more

    Affected Products : jedox
    • EPSS Score: %1.34
    • Published: May. 02, 2023
    • Modified: Jan. 30, 2025
Showing 20 of 291751 Results