Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.6

    CRITICAL
    CVE-2024-29825

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code....

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2022-1312

    Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension....

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.26
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-51698

    Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a craft...

    Affected Products : atril
    • EPSS Score: %2.34
    • Published: Jan. 12, 2024
    • Modified: Apr. 10, 2025
  • 9.6

    CRITICAL
    CVE-2022-26486

    An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for A...

    • Actively Exploited
    • EPSS Score: %1.30
    • Published: Dec. 22, 2022
    • Modified: Mar. 21, 2025
  • 9.6

    CRITICAL
    CVE-2020-16025

    Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....

    Affected Products : chrome
    • EPSS Score: %0.84
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2024-5655

    An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain ci...

    Affected Products : gitlab
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2017-10101

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated att...

    • EPSS Score: %0.36
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025
  • 9.6

    CRITICAL
    CVE-2021-28494

    In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System...

    Affected Products : metamako_operating_system 7130
    • EPSS Score: %0.29
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2025-53314

    Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer allows SQL Injection. This issue affects WP Optimizer: from n/a through 2.3.6....

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.6

    CRITICAL
    CVE-2023-36735

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability...

    Affected Products : edge_chromium
    • EPSS Score: %0.72
    • Published: Sep. 15, 2023
    • Modified: Jan. 01, 2025
  • 9.6

    CRITICAL
    CVE-2020-6573

    Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....

    • EPSS Score: %2.07
    • Published: Sep. 21, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2025-43728

    Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass....

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Misconfiguration
  • 9.6

    CRITICAL
    CVE-2024-11319

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3....

    Affected Products : django_cms
    • Published: Nov. 18, 2024
    • Modified: Aug. 26, 2025
  • 9.6

    CRITICAL
    CVE-2025-25379

    Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component....

    Affected Products : 07flycms
    • Published: Feb. 28, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.6

    CRITICAL
    CVE-2023-27501

    SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal...

    Affected Products : netweaver_application_server_abap
    • EPSS Score: %0.20
    • Published: Mar. 14, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2025-25101

    Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7....

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.6

    CRITICAL
    CVE-2025-25106

    Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0....

    Affected Products : starter_templates
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.6

    CRITICAL
    CVE-2025-24028

    Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handle...

    Affected Products : joplin
    • Published: Feb. 07, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.6

    CRITICAL
    CVE-2024-56347

    IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls....

    Affected Products : aix
    • Published: Mar. 18, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication
  • 9.6

    CRITICAL
    CVE-2024-51962

    A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify Column properties allowing for the execution of a SQL Injection by a remote authenticated user with elevated (non admin) privileges. There is a high impact to integrity and...

    Affected Products : arcgis_server
    • Published: Mar. 03, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Injection
Showing 20 of 291513 Results