Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2024-52406

    Unrestricted Upload of File with Dangerous Type vulnerability in Wibergs Web CSV to html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through 3.04.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-56052

    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-56057

    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 9.9

    CRITICAL
    CVE-2025-22611

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members privileges to any role, ... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2024-57968

    Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.... Read more

    Affected Products : veracore
    • Actively Exploited
    • Published: Feb. 03, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-27554

    ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy upda... Read more

    Affected Products :
    • Published: Mar. 01, 2025
    • Modified: Mar. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-32028

    HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from b... Read more

    Affected Products : hax haxcms-php haxcms-nodejs haxcms-php
    • Published: Apr. 08, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-32445

    Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrati... Read more

    Affected Products : argo_events
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-2605

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Hon... Read more

    • Published: May. 02, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2023-46149

    Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. ... Read more

    Affected Products : ultra
    • EPSS Score: %0.31
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-51410

    Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2. ... Read more

    Affected Products : wp_mail_log
    • EPSS Score: %0.66
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-24707

    Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2. ... Read more

    Affected Products :
    • Published: Apr. 03, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-55877

    XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. Thi... Read more

    Affected Products : xwiki
    • Published: Dec. 12, 2024
    • Modified: Apr. 30, 2025

  • 9.9

    CRITICAL
    CVE-2024-31984

    XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) searc... Read more

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 21, 2025

  • 9.9

    CRITICAL
    CVE-2024-31987

    XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with... Read more

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 21, 2025

  • 9.9

    CRITICAL
    CVE-2024-21010

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged atta... Read more

    Affected Products : hospitality_simphony
    • Published: Apr. 16, 2024
    • Modified: Mar. 17, 2025

  • 9.9

    CRITICAL
    CVE-2024-29212

    Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC... Read more

    Affected Products : veeam_service_provider_console
    • Published: May. 14, 2024
    • Modified: Jun. 30, 2025

  • 9.9

    CRITICAL
    CVE-2024-6784

    Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.0... Read more

    • Published: Dec. 05, 2024
    • Modified: Apr. 10, 2025

  • 9.9

    CRITICAL
    CVE-2024-3592

    The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied ... Read more

    Affected Products : quiz_and_survey_master
    • Published: Jun. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-6303

    Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run comman... Read more

    Affected Products : conduit
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292318 Results