Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2025-5277

    aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system.... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025

  • 9.6

    CRITICAL
    CVE-2024-44778

    A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products : vtiger_crm
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024

  • 9.6

    CRITICAL
    CVE-2022-32271

    In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is... Read more

    Affected Products : realplayer
    • EPSS Score: %1.43
    • Published: Jun. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-42581

    A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.... Read more

    Affected Products : warehouse_inventory_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-32340

    A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.... Read more

    Affected Products : wondercms
    • Published: Apr. 17, 2024
    • Modified: Apr. 11, 2025

  • 9.6

    CRITICAL
    CVE-2023-4264

    Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.... Read more

    Affected Products : zephyr
    • EPSS Score: %0.23
    • Published: Sep. 27, 2023
    • Modified: Feb. 13, 2025

  • 9.6

    CRITICAL
    CVE-2023-46601

    A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should n... Read more

    Affected Products : comos
    • EPSS Score: %0.19
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-42809

    Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick client... Read more

    Affected Products : redisson
    • EPSS Score: %0.70
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-3152

    Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20.... Read more

    Affected Products : phpfusion
    • EPSS Score: %0.12
    • Published: Sep. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-0972

    Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.... Read more

    Affected Products : z\/ip_gateway_sdk
    • EPSS Score: %0.04
    • Published: Jun. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-16064

    NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacke... Read more

    • EPSS Score: %1.02
    • Published: Mar. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-6452

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS. The Forcepoint Web Security portal allows administrators to generate detailed repo... Read more

    Affected Products : web_security
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 9.6

    CRITICAL
    CVE-2020-13564

    A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL tem... Read more

    Affected Products : openemr phpgacl
    • EPSS Score: %19.96
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-21640

    Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This v... Read more

    Affected Products : chromium_embedded_framework
    • EPSS Score: %0.25
    • Published: Jan. 13, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-24799

    wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a... Read more

    Affected Products : wire-webapp
    • EPSS Score: %0.56
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-39160

    nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.... Read more

    Affected Products : nbgitpuller
    • EPSS Score: %0.43
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-51219

    A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP r... Read more

    Affected Products :
    • Published: Jun. 03, 2024
    • Modified: Feb. 19, 2025

  • 9.6

    CRITICAL
    CVE-2020-14705

    Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). The supported version that is affected is Prior to 19.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with access to the physica... Read more

    Affected Products : goldengate
    • EPSS Score: %0.46
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-31229

    Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to acc... Read more

    Affected Products : powerscale_onefs
    • EPSS Score: %0.29
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-48974

    Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.... Read more

    Affected Products : axigen_mail_server
    • EPSS Score: %6.58
    • Published: Feb. 08, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 291358 Results