Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2024-38194

    An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.... Read more

    Affected Products : azure_web_apps
    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024

  • 9.9

    CRITICAL
    CVE-2024-45496

    A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowin... Read more

    Affected Products : openshift_container_platform
    • Published: Sep. 17, 2024
    • Modified: Jan. 09, 2025

  • 9.9

    CRITICAL
    CVE-2024-45798

    arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml`... Read more

    Affected Products : arduino-esp32
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024

  • 9.9

    CRITICAL
    CVE-2017-1253

    IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-For... Read more

    Affected Products : security_guardium
    • EPSS Score: %1.36
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2024-38650

    An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Sep. 07, 2024
    • Modified: Sep. 09, 2024

  • 9.9

    CRITICAL
    CVE-2022-0939

    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.... Read more

    Affected Products : calibre-web calibre-web
    • EPSS Score: %0.25
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-24861

    Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code exec... Read more

    Affected Products : databasir
    • EPSS Score: %3.06
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-1699

    Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.... Read more

    Affected Products : organizr
    • EPSS Score: %0.30
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-25995

    A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vu... Read more

    • EPSS Score: %1.89
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-26510

    A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerabili... Read more

    • EPSS Score: %0.49
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2015-7926

    eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.... Read more

    Affected Products : ewon_firmware
    • EPSS Score: %0.91
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 9.9

    CRITICAL
    CVE-2022-2550

    OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.... Read more

    Affected Products : control_panel
    • EPSS Score: %12.59
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-36954

    In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.... Read more

    Affected Products : netbackup
    • EPSS Score: %0.32
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-2661

    Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests.... Read more

    Affected Products : portbloque_s_firmware portbloque_s
    • EPSS Score: %0.14
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-30547

    A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger th... Read more

    Affected Products : avideo
    • EPSS Score: %33.69
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-36099

    XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Py... Read more

    Affected Products : xwiki
    • EPSS Score: %16.04
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-36084

    cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses `@flexSearchFulltext`, users of that ... Read more

    Affected Products : cruddl
    • EPSS Score: %0.65
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-39321

    GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environmen... Read more

    Affected Products : runner runner
    • EPSS Score: %0.33
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-38652

    A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system... Read more

    Affected Products : hyperic_agent
    • EPSS Score: %0.34
    • Published: Nov. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-21809

    A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.... Read more

    Affected Products : inrouter302_firmware inrouter302
    • EPSS Score: %1.46
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291779 Results