Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2019-13363

    admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates... Read more

    Affected Products : piwigo
    • EPSS Score: %0.30
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-6167

    A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo.... Read more

    • EPSS Score: %0.73
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2017-18853

    Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and ... Read more

    • EPSS Score: %0.41
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-8904

    An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and writ... Read more

    Affected Products : asylo
    • EPSS Score: %0.06
    • Published: Aug. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2025-52571

    Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is p... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 9.6

    CRITICAL
    CVE-2023-31546

    Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature.... Read more

    Affected Products : dedebiz
    • EPSS Score: %21.20
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-3966

    usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.... Read more

    Affected Products : zephyr
    • EPSS Score: %0.06
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-35125

    A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).... Read more

    Affected Products : mautic
    • EPSS Score: %1.25
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-45506

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.... Read more

    • EPSS Score: %0.08
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-40083

    A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length ... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 23, 2024

  • 9.6

    CRITICAL
    CVE-2024-39363

    A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unaut... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-32576

    Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows Upload a Web Shell to a Web Server. This issue affects WP shop: from n/a through 2.6.0.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.6

    CRITICAL
    CVE-2017-10096

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated att... Read more

    • EPSS Score: %0.42
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2017-10285

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated a... Read more

    • EPSS Score: %0.39
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2021-21146

    Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora chrome
    • EPSS Score: %0.64
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-5704

    Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted ... Read more

    Affected Products : debian_linux open_on-chip_debugger
    • EPSS Score: %1.89
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21223

    Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • EPSS Score: %1.63
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-3075

    Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora chrome edge_chromium
    • Actively Exploited
    • EPSS Score: %1.33
    • Published: Sep. 26, 2022
    • Modified: Jul. 30, 2025

  • 9.6

    CRITICAL
    CVE-2024-4671

    Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • Actively Exploited
    • Published: May. 14, 2024
    • Modified: Nov. 27, 2024

  • 9.6

    CRITICAL
    CVE-2024-23469

    SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. ... Read more

    Affected Products : access_rights_manager
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291358 Results