Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2024-38650

    An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Sep. 07, 2024
    • Modified: Sep. 09, 2024

  • 9.9

    CRITICAL
    CVE-2022-0939

    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.... Read more

    Affected Products : calibre-web calibre-web
    • EPSS Score: %0.25
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-24861

    Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code exec... Read more

    Affected Products : databasir
    • EPSS Score: %3.06
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-1699

    Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.... Read more

    Affected Products : organizr
    • EPSS Score: %0.30
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-25995

    A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vu... Read more

    • EPSS Score: %1.89
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-26510

    A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerabili... Read more

    • EPSS Score: %0.49
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2015-7926

    eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.91
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 9.9

    CRITICAL
    CVE-2022-2550

    OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.... Read more

    Affected Products : control_panel
    • EPSS Score: %12.59
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-36954

    In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.... Read more

    Affected Products : netbackup
    • EPSS Score: %0.32
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-2661

    Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests.... Read more

    Affected Products : portbloque_s_firmware portbloque_s
    • EPSS Score: %0.14
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-30547

    A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger th... Read more

    Affected Products : avideo
    • EPSS Score: %33.69
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-36099

    XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Py... Read more

    Affected Products : xwiki
    • EPSS Score: %16.04
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-36084

    cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses `@flexSearchFulltext`, users of that ... Read more

    Affected Products : cruddl
    • EPSS Score: %0.65
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-39321

    GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environmen... Read more

    Affected Products : runner runner
    • EPSS Score: %0.33
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-38652

    A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system... Read more

    Affected Products : hyperic_agent
    • EPSS Score: %0.34
    • Published: Nov. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-21809

    A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.... Read more

    Affected Products : inrouter302_firmware inrouter302
    • EPSS Score: %1.46
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-36786

    DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the ro... Read more

    Affected Products : dsl-224_firmware dsl-224
    • EPSS Score: %0.09
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 9.9

    CRITICAL
    CVE-2025-39402

    Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-48140

    Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI allows Code Injection. This issue affects MetalpriceAPI: from n/a through 1.1.4.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-52921

    In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Functio... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
Showing 20 of 291551 Results