Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2024-7982

    The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.... Read more

    • Published: Nov. 08, 2024
    • Modified: May. 15, 2025

  • 9.6

    CRITICAL
    CVE-2020-23719

    Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.... Read more

    Affected Products : zibbs
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-32600

    Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5. ... Read more

    Affected Products : master_slider
    • Published: Apr. 18, 2024
    • Modified: May. 27, 2025

  • 9.6

    CRITICAL
    CVE-2024-46367

    A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is... Read more

    Affected Products : krayin_crm
    • Published: Sep. 27, 2024
    • Modified: Jul. 09, 2025

  • 9.6

    CRITICAL
    CVE-2020-26902

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25... Read more

    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-38055

    A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.... Read more

    Affected Products : easyappointments
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-47877

    A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.... Read more

    Affected Products : jedox
    • Published: May. 02, 2023
    • Modified: Jan. 30, 2025

  • 9.6

    CRITICAL
    CVE-2021-40909

    Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_c... Read more

    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-1000639

    LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially cra... Read more

    Affected Products : latexdraw
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-25069

    Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js.... Read more

    Affected Products : marktext
    • Published: Mar. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-32454

    SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.... Read more

    • Published: May. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-23629

    An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. ... Read more

    Affected Products : mr2600_firmware mr2600
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-1264

    A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exp... Read more

    Affected Products : dna_center catalyst_center
    • Published: Jan. 20, 2021
    • Modified: Jul. 23, 2025

  • 9.6

    CRITICAL
    CVE-2023-0397

    A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.... Read more

    Affected Products : zephyr
    • Published: Jan. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-49657

    A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. ... Read more

    Affected Products : superset
    • Published: Jan. 23, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-14429

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.... Read more

    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2015-7939

    Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.... Read more

    Affected Products : visilogic_oplc_ide
    • Published: Jan. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2022-26513

    Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.... Read more

    Affected Products : xmm_7560_firmware xmm_7560
    • Published: Nov. 11, 2022
    • Modified: Feb. 05, 2025

  • 9.6

    CRITICAL
    CVE-2018-18590

    A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.... Read more

    Affected Products : operations_bridge
    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-11316

    The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.... Read more

    Affected Products : sonos_firmware sonos
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292851 Results