Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2021-32016

    An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled content) via directory traversal, potentially leading to remo...

    Affected Products : asset_management
    • EPSS Score: 0.81%
    • Published: Aug. 03, 2021
    • Modified: May. 30, 2025
  • 9.9

    CRITICAL
    CVE-2021-32724

    check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `sched...

    Affected Products : check-spelling
    • EPSS Score: 0.32%
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-33698

    SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation....

    Affected Products : business_one
    • EPSS Score: 0.30%
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2020-12083

    An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64)....

    Affected Products : flexnet_code_insight
    • EPSS Score: 0.51%
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-21882

    An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request t...

    • EPSS Score: 3.54%
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2016-6902

    lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands....

    Affected Products : lshell
    • EPSS Score: 2.36%
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.9

    CRITICAL
    CVE-2016-6903

    lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands....

    Affected Products : lshell
    • EPSS Score: 1.87%
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.9

    CRITICAL
    CVE-2017-3503

    Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Eas...

    • EPSS Score: 1.07%
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.9

    CRITICAL
    CVE-2017-8220

    TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data....

    Affected Products : c2_firmware c20i_firmware c2 c20i
    • EPSS Score: 11.86%
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025
  • 9.9

    CRITICAL
    CVE-2021-36302

    All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over ...

    • EPSS Score: 0.24%
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-42940

    A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code....

    Affected Products : projeqtor
    • EPSS Score: 0.59%
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-24664

    PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts....

    Affected Products : php_everywhere
    • EPSS Score: 1.47%
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-24665

    PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts....

    Affected Products : php_everywhere
    • EPSS Score: 2.21%
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-45161

    The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM perm...

    Affected Products : platform
    • EPSS Score: 0.10%
    • Published: Nov. 06, 2023
    • Modified: Jun. 12, 2025
  • 9.9

    CRITICAL
    CVE-2021-43609

    An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL co...

    Affected Products : help_desk_server
    • EPSS Score: 3.65%
    • Published: Nov. 09, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-4122

    Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application....

    • EPSS Score: 0.75%
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-31215

    Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon. This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2. ...

    • EPSS Score: 0.31%
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-31231

    Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through ...

    • EPSS Score: 0.06%
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-34007

    Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3. ...

    Affected Products : download_monitor
    • EPSS Score: 0.31%
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-34385

    Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus. This issue affects Export Import Menus: from n/a through 1.8.0. ...

    Affected Products : export_import_menus
    • EPSS Score: 0.31%
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results