Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2023-46404

    PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.... Read more

    Affected Products : pcrs
    • EPSS Score: %40.84
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-55662

    XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on th... Read more

    Affected Products : xwiki
    • Published: Dec. 12, 2024
    • Modified: Apr. 30, 2025

  • 9.9

    CRITICAL
    CVE-2024-54262

    Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through 1.5.... Read more

    Affected Products : import_export_for_woocommerce
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.9

    CRITICAL
    CVE-2024-56050

    Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3.... Read more

    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 9.9

    CRITICAL
    CVE-2021-21480

    SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard ... Read more

    • EPSS Score: %25.93
    • Published: Mar. 09, 2021
    • Modified: May. 05, 2025

  • 9.9

    CRITICAL
    CVE-2023-48777

    Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. ... Read more

    Affected Products : website_builder
    • Published: Mar. 26, 2024
    • Modified: Jan. 28, 2025

  • 9.9

    CRITICAL
    CVE-2024-30236

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4. ... Read more

    Affected Products : contest_gallery
    • Published: Mar. 28, 2024
    • Modified: Apr. 08, 2025

  • 9.9

    CRITICAL
    CVE-2024-30500

    Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.12. ... Read more

    Affected Products : cubewp
    • Published: Mar. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-23538

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.... Read more

    Affected Products : fineract
    • Published: Mar. 29, 2024
    • Modified: Feb. 13, 2025

  • 9.9

    CRITICAL
    CVE-2024-29201

    JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container... Read more

    Affected Products : jumpserver
    • Published: Mar. 29, 2024
    • Modified: Mar. 25, 2025

  • 9.9

    CRITICAL
    CVE-2024-31380

    Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.... Read more

    Affected Products : oxygen
    • Published: Apr. 03, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-31280

    Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5. ... Read more

    Affected Products : church_admin
    • Published: Apr. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-31286

    Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. ... Read more

    • Published: Apr. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-27602

    SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this author... Read more

    Affected Products : commerce
    • EPSS Score: %1.44
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-4306

    Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.... Read more

    Affected Products : hubbank
    • Published: Apr. 29, 2024
    • Modified: Apr. 23, 2025

  • 9.9

    CRITICAL
    CVE-2021-33509

    Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.... Read more

    Affected Products : plone
    • EPSS Score: %0.98
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-34082

    Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed us... Read more

    Affected Products : grav
    • Published: May. 15, 2024
    • Modified: Jan. 02, 2025

  • 9.9

    CRITICAL
    CVE-2023-23645

    Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2.... Read more

    Affected Products : code_snippets_extension
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-23230

    A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1... Read more

    Affected Products : command_centre
    • EPSS Score: %0.25
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-34810

    Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : download_station
    • EPSS Score: %1.11
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291898 Results