Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2023-49742

    Missing Authorization vulnerability in Support Genix. This issue affects Support Genix: from n/a through 1.2.3. ...

    Affected Products :
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-29212

    Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC...

    Affected Products : veeam_service_provider_console
    • Published: May. 14, 2024
    • Modified: Jun. 30, 2025
  • 9.9

    CRITICAL
    CVE-2024-6784

    Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.0...

    • Published: Dec. 05, 2024
    • Modified: Apr. 10, 2025
  • 9.9

    CRITICAL
    CVE-2024-3592

    The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied ...

    Affected Products : quiz_and_survey_master
    • Published: Jun. 07, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-3105

    The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of...

    Affected Products : woody_code_snippets
    • Published: Jun. 15, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-6303

    Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run comman...

    Affected Products : conduit
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-37762

    MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution....

    Affected Products : machform
    • Published: Jul. 01, 2024
    • Modified: Apr. 30, 2025
  • 9.9

    CRITICAL
    CVE-2024-3604

    The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of...

    Affected Products : openstreetmap
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-37420

    Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server. This issue affects Zita Elementor Site Library: from n/a through 1.6.1....

    Affected Products :
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-39872

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with t...

    Affected Products : sinema_remote_connect_server
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-38089

    Microsoft Defender for IoT Elevation of Privilege Vulnerability...

    Affected Products : defender_for_iot
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-37906

    Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL ...

    Affected Products : admidio
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-37901

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchS...

    Affected Products : xwiki
    • Published: Jul. 31, 2024
    • Modified: Sep. 06, 2024
  • 9.9

    CRITICAL
    CVE-2024-6386

    The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it p...

    Affected Products : wpml
    • Published: Aug. 21, 2024
    • Modified: Sep. 27, 2024
  • 9.9

    CRITICAL
    CVE-2024-3980

    The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files t...

    • Published: Aug. 27, 2024
    • Modified: Oct. 30, 2024
  • 9.9

    CRITICAL
    CVE-2024-45076

    IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system....

    Affected Products : webmethods webmethods_integration
    • Published: Sep. 04, 2024
    • Modified: Sep. 06, 2024
  • 9.9

    CRITICAL
    CVE-2024-38194

    An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network....

    Affected Products : azure_web_apps
    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024
  • 9.9

    CRITICAL
    CVE-2024-45496

    A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowin...

    Affected Products : openshift_container_platform
    • Published: Sep. 17, 2024
    • Modified: Jan. 09, 2025
  • 9.9

    CRITICAL
    CVE-2024-45798

    arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml`...

    Affected Products : arduino-esp32
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024
  • 9.9

    CRITICAL
    CVE-2017-1253

    IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-For...

    Affected Products : security_guardium
    • EPSS Score: 1.36%
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291551 Results