Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2023-48777

    Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. ... Read more

    Affected Products : website_builder
    • Published: Mar. 26, 2024
    • Modified: Jan. 28, 2025

  • 9.9

    CRITICAL
    CVE-2024-30236

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4. ... Read more

    Affected Products : contest_gallery
    • Published: Mar. 28, 2024
    • Modified: Apr. 08, 2025

  • 9.9

    CRITICAL
    CVE-2024-30500

    Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.12. ... Read more

    Affected Products : cubewp
    • Published: Mar. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-23538

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.... Read more

    Affected Products : fineract
    • Published: Mar. 29, 2024
    • Modified: Feb. 13, 2025

  • 9.9

    CRITICAL
    CVE-2024-29201

    JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container... Read more

    Affected Products : jumpserver
    • Published: Mar. 29, 2024
    • Modified: Mar. 25, 2025

  • 9.9

    CRITICAL
    CVE-2024-31380

    Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.... Read more

    Affected Products : oxygen
    • Published: Apr. 03, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-31280

    Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5. ... Read more

    Affected Products : church_admin
    • Published: Apr. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-31286

    Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. ... Read more

    • Published: Apr. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-27602

    SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this author... Read more

    Affected Products : commerce
    • EPSS Score: %1.44
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-4306

    Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.... Read more

    Affected Products : hubbank
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 9.9

    CRITICAL
    CVE-2021-33509

    Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.... Read more

    Affected Products : plone
    • EPSS Score: %0.98
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-34082

    Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed us... Read more

    Affected Products : grav
    • Published: May. 15, 2024
    • Modified: Jan. 02, 2025

  • 9.9

    CRITICAL
    CVE-2023-23645

    Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2.... Read more

    Affected Products : code_snippets_extension
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-23230

    A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1... Read more

    Affected Products : command_centre
    • EPSS Score: %0.25
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-34810

    Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : download_station
    • EPSS Score: %1.11
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-35344

    Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YM... Read more

    Affected Products :
    • Published: May. 28, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-29485

    Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's ... Read more

    Affected Products : ratpack
    • EPSS Score: %2.48
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-34762

    Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Adv... Read more

    Affected Products :
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-37301

    Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as ro... Read more

    Affected Products :
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-25320

    A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This i... Read more

    Affected Products : rancher
    • EPSS Score: %0.26
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291520 Results