Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2019-5850

    Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-5604

    In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not prop... Read more

    Affected Products : freebsd
    • Published: Jul. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-5521

    VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader ... Read more

    Affected Products : workstation esxi fusion
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-3638

    Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricki... Read more

    Affected Products : web_gateway
    • Published: Sep. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-2828

    Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with ne... Read more

    Affected Products : field_service
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-25154

    Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-28838

    GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some... Read more

    Affected Products : glpi
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-0550

    A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissio... Read more

    Affected Products : anythingllm
    • Published: Feb. 28, 2024
    • Modified: Jan. 10, 2025

  • 9.6

    CRITICAL
    CVE-2024-0440

    Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.... Read more

    Affected Products : anythingllm
    • Published: Feb. 26, 2024
    • Modified: Feb. 27, 2025

  • 9.6

    CRITICAL
    CVE-2023-6572

    Command Injection in GitHub repository gradio-app/gradio prior to main.... Read more

    Affected Products : gradio
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-6345

    Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Actively Exploited
    • Published: Nov. 29, 2023
    • Modified: Feb. 03, 2025

  • 9.6

    CRITICAL
    CVE-2024-11319

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.... Read more

    Affected Products : django_cms
    • Published: Nov. 18, 2024
    • Modified: Aug. 26, 2025

  • 9.6

    CRITICAL
    CVE-2023-5820

    The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to ... Read more

    Affected Products : thumbnail_slider_with_lightbox
    • Published: Oct. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2025-25101

    Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.6

    CRITICAL
    CVE-2025-25106

    Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0.... Read more

    Affected Products : starter_templates
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.6

    CRITICAL
    CVE-2025-24028

    Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handle... Read more

    Affected Products : joplin
    • Published: Feb. 07, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-48469

    Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 9.6

    CRITICAL
    CVE-2025-32977

    Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to upload backup files to the system. ... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2025-49381

    Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross Site Request Forgery. This issue affects ads.txt Guru Connect: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.6

    CRITICAL
    CVE-2025-2767

    Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit t... Read more

    Affected Products : ng_firewall
    • Published: Apr. 23, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293343 Results