Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2025-24964

    Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking (CSWSH) attacks. When `api` option is... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025

  • 9.6

    CRITICAL
    CVE-2025-22466

    Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2024-9369

    Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 27, 2024
    • Modified: Jan. 02, 2025

  • 9.6

    CRITICAL
    CVE-2024-9164

    An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.... Read more

    Affected Products : gitlab
    • Published: Oct. 11, 2024
    • Modified: Dec. 13, 2024

  • 9.6

    CRITICAL
    CVE-2024-9148

    Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.... Read more

    Affected Products : flowise embed
    • Published: Sep. 25, 2024
    • Modified: Sep. 30, 2024

  • 9.6

    CRITICAL
    CVE-2024-7971

    Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : edge chrome edge_chromium
    • Actively Exploited
    • Published: Aug. 21, 2024
    • Modified: Jan. 03, 2025

  • 9.6

    CRITICAL
    CVE-2024-7760

    aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all e... Read more

    Affected Products : aim
    • Published: Mar. 20, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.6

    CRITICAL
    CVE-2024-7102

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.... Read more

    Affected Products : gitlab
    • Published: Feb. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2024-6779

    Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 16, 2024
    • Modified: Mar. 20, 2025

  • 9.6

    CRITICAL
    CVE-2024-6522

    The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level acces... Read more

    • Published: Aug. 07, 2024
    • Modified: Mar. 01, 2025

  • 9.6

    CRITICAL
    CVE-2023-20192

    Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write c... Read more

    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-0488

    Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.... Read more

    Affected Products : pyload pyload-ng
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2017-10096

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated att... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2017-10285

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated a... Read more

    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2022-4924

    Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome
    • Published: Jul. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-4135

    Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : edge chrome electron edge_chromium
    • Actively Exploited
    • Published: Nov. 25, 2022
    • Modified: Mar. 12, 2025

  • 9.6

    CRITICAL
    CVE-2022-46733

    Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary commands. ... Read more

    Affected Products : real-time_location_system_studio
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-46332

    The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 ... Read more

    Affected Products : enterprise_protection
    • Published: Dec. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-42447

    HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. ... Read more

    Affected Products : hcl_compass
    • Published: Apr. 02, 2023
    • Modified: Feb. 19, 2025

  • 9.6

    CRITICAL
    CVE-2022-42711

    In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.... Read more

    Affected Products : whatsup_gold
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
Showing 20 of 293284 Results