Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2023-27335

    Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this ... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 9.6

    CRITICAL
    CVE-2016-6637

    Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x befor... Read more

    • EPSS Score: %0.12
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2018-9035

    CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.... Read more

    • EPSS Score: %8.82
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-3708

    IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of ... Read more

    Affected Products : emc_isilonsd_management_server
    • EPSS Score: %0.56
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26926

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.... Read more

    • EPSS Score: %0.15
    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-42496

    Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject a... Read more

    • Published: Feb. 21, 2024
    • Modified: Jan. 28, 2025

  • 9.6

    CRITICAL
    CVE-2017-2865

    An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigge... Read more

    • EPSS Score: %0.13
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2021-22943

    A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protec... Read more

    Affected Products : unifi_protect
    • EPSS Score: %0.12
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21382

    Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration... Read more

    Affected Products : restund
    • EPSS Score: %0.33
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-29078

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RB... Read more

    • EPSS Score: %0.24
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-11059

    In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.... Read more

    Affected Products : aegir
    • EPSS Score: %0.37
    • Published: May. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-18563

    An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before ... Read more

    • EPSS Score: %0.25
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-45629

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and ... Read more

    • EPSS Score: %0.56
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-45634

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and ... Read more

    • EPSS Score: %0.37
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-28347

    An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulner... Read more

    Affected Products : windows insight
    • EPSS Score: %1.15
    • Published: May. 31, 2023
    • Modified: Jan. 13, 2025

  • 9.6

    CRITICAL
    CVE-2020-24376

    A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3.... Read more

    • EPSS Score: %0.48
    • Published: Sep. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21799

    Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted... Read more

    Affected Products : r-seenet
    • EPSS Score: %75.98
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-0488

    Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.... Read more

    Affected Products : pyload pyload-ng
    • EPSS Score: %0.26
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-14440

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, R... Read more

    • EPSS Score: %1.54
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-0957

    An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, becaus... Read more

    Affected Products : gitpod
    • EPSS Score: %0.20
    • Published: Mar. 03, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291358 Results