Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2024-4404

    The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web ... Read more

    Affected Products : elementskit
    • Published: Jun. 14, 2024
    • Modified: Jan. 10, 2025

  • 9.6

    CRITICAL
    CVE-2024-24275

    Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function.... Read more

    Affected Products : windows teamwire
    • Published: Mar. 05, 2024
    • Modified: Mar. 27, 2025

  • 9.6

    CRITICAL
    CVE-2024-54139

    Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7.... Read more

    Affected Products : itop
    • Published: Dec. 13, 2024
    • Modified: Mar. 11, 2025

  • 9.6

    CRITICAL
    CVE-2024-32986

    PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop E... Read more

    Affected Products :
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-38164

    An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.... Read more

    Affected Products : groupme
    • Published: Jul. 23, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-41654

    An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerabili... Read more

    Affected Products : ghost
    • EPSS Score: %0.25
    • Published: Dec. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-27107

    Weak account password in GE HealthCare EchoPAC products... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-7018

    Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.... Read more

    Affected Products : transformers
    • EPSS Score: %0.14
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-35158

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perfor... Read more

    Affected Products : xwiki
    • EPSS Score: %7.64
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-3110

    Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.... Read more

    Affected Products : unify_software_development_kit
    • EPSS Score: %0.05
    • Published: Jun. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-29067

    Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 be... Read more

    • EPSS Score: %0.14
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2025-5277

    aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system.... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025

  • 9.6

    CRITICAL
    CVE-2024-44778

    A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products : vtiger_crm
    • Published: Aug. 29, 2024
    • Modified: Sep. 03, 2024

  • 9.6

    CRITICAL
    CVE-2022-32271

    In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is... Read more

    Affected Products : realplayer
    • EPSS Score: %1.43
    • Published: Jun. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-42581

    A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.... Read more

    Affected Products : warehouse_inventory_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-32340

    A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.... Read more

    Affected Products : wondercms
    • Published: Apr. 17, 2024
    • Modified: Apr. 11, 2025

  • 9.6

    CRITICAL
    CVE-2023-4264

    Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.... Read more

    Affected Products : zephyr
    • EPSS Score: %0.23
    • Published: Sep. 27, 2023
    • Modified: Feb. 13, 2025

  • 9.6

    CRITICAL
    CVE-2023-46601

    A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should n... Read more

    Affected Products : comos
    • EPSS Score: %0.19
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-42809

    Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick client... Read more

    Affected Products : redisson
    • EPSS Score: %0.70
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-3152

    Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20.... Read more

    Affected Products : phpfusion
    • EPSS Score: %0.12
    • Published: Sep. 07, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results