Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2024-54370

    Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0....

    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024
  • 9.9

    CRITICAL
    CVE-2024-56052

    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a before 1.9.9.5.2....

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024
  • 9.9

    CRITICAL
    CVE-2024-56057

    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a before 1.9.9.5.2....

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024
  • 9.9

    CRITICAL
    CVE-2025-22611

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members privileges to any role, ...

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authorization
  • 9.9

    CRITICAL
    CVE-2024-57968

    Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this....

    Affected Products : veracore
    • Actively Exploited
    • Published: Feb. 03, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Misconfiguration
  • 9.9

    CRITICAL
    CVE-2025-27554

    ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy upda...

    • Published: Mar. 01, 2025
    • Modified: Mar. 01, 2025
    • Vuln Type: Misconfiguration
  • 9.9

    CRITICAL
    CVE-2025-32028

    HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from b...

    Affected Products : hax haxcms-php haxcms-nodejs haxcms-php
    • Published: Apr. 08, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration
  • 9.9

    CRITICAL
    CVE-2025-32445

    Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrati...

    Affected Products : argo_events
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization
  • 9.9

    CRITICAL
    CVE-2025-2605

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Hon...

    • Published: May. 02, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection
  • 9.9

    CRITICAL
    CVE-2023-50721

    XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection...

    Affected Products : xwiki
    • EPSS Score: 38.44%
    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-46149

    Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. ...

    Affected Products : ultra
    • EPSS Score: 0.31%
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-51410

    Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log: from n/a through 1.1.2. ...

    Affected Products : wp_mail_log
    • EPSS Score: 0.66%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-27956

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0. ...

    • Published: Mar. 21, 2024
    • Modified: Feb. 14, 2025
  • 9.9

    CRITICAL
    CVE-2024-24707

    Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection. This issue affects Cwicly: from n/a through 1.4.0.2. ...

    • Published: Apr. 03, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-55877

    XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. Thi...

    Affected Products : xwiki
    • Published: Dec. 12, 2024
    • Modified: Apr. 30, 2025
  • 9.9

    CRITICAL
    CVE-2024-31984

    XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) searc...

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 21, 2025
  • 9.9

    CRITICAL
    CVE-2024-31987

    XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with...

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 21, 2025
  • 9.9

    CRITICAL
    CVE-2024-2083

    A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypas...

    Affected Products : zenml
    • Published: Apr. 16, 2024
    • Modified: May. 12, 2025
  • 9.9

    CRITICAL
    CVE-2024-20997

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged atta...

    Affected Products : hospitality_simphony
    • Published: Apr. 16, 2024
    • Modified: Nov. 27, 2024
  • 9.9

    CRITICAL
    CVE-2024-21010

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged atta...

    Affected Products : hospitality_simphony
    • Published: Apr. 16, 2024
    • Modified: Mar. 17, 2025
Showing 20 of 291551 Results