Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2021-21382

    Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration... Read more

    Affected Products : restund
    • EPSS Score: %0.33
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-29078

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RB... Read more

    • EPSS Score: %0.24
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-11059

    In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.... Read more

    Affected Products : aegir
    • EPSS Score: %0.37
    • Published: May. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-18563

    An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before ... Read more

    • EPSS Score: %0.25
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-45629

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and ... Read more

    • EPSS Score: %0.56
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-14440

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, R... Read more

    • EPSS Score: %1.54
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-0957

    An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, becaus... Read more

    Affected Products : gitpod
    • EPSS Score: %0.20
    • Published: Mar. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-24508

    Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed wi... Read more

    • EPSS Score: %0.19
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-1347

    Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation... Read more

    Affected Products : organizr
    • EPSS Score: %0.41
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-5241

    The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file... Read more

    Affected Products : ai_chatbot wpbot
    • EPSS Score: %2.45
    • Published: Oct. 19, 2023
    • Modified: May. 12, 2025

  • 9.6

    CRITICAL
    CVE-2024-25292

    Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter.... Read more

    Affected Products : rendertune
    • Published: Feb. 29, 2024
    • Modified: Mar. 27, 2025

  • 9.6

    CRITICAL
    CVE-2024-27132

    Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables. ... Read more

    Affected Products : mlflow
    • Published: Feb. 23, 2024
    • Modified: Jan. 22, 2025

  • 9.6

    CRITICAL
    CVE-2023-29121

    Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 9.6

    CRITICAL
    CVE-2024-6515

    Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 9.6

    CRITICAL
    CVE-2023-30319

    Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.... Read more

    Affected Products : chatengine
    • EPSS Score: %0.14
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-4008

    FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System... Read more

    • Published: Jun. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-41126

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the... Read more

    Affected Products : contiki-ng
    • Published: Nov. 27, 2024
    • Modified: Apr. 10, 2025

  • 9.6

    CRITICAL
    CVE-2022-43143

    A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container.... Read more

    Affected Products : beekeeper-studio
    • EPSS Score: %0.38
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 9.6

    CRITICAL
    CVE-2018-0104

    A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a... Read more

    • EPSS Score: %1.21
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-26941

    A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain ar... Read more

    • EPSS Score: %0.10
    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292387 Results