Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2024-35344

    Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YM... Read more

    Affected Products :
    • Published: May. 28, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-29485

    Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's ... Read more

    Affected Products : ratpack
    • EPSS Score: %2.48
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-34762

    Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Adv... Read more

    Affected Products :
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-37301

    Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as ro... Read more

    Affected Products :
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-25320

    A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This i... Read more

    Affected Products : rancher
    • EPSS Score: %0.26
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-5853

    The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible ... Read more

    Affected Products : sirv
    • Published: Jun. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-38048

    A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.... Read more

    Affected Products : easyappointments
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-38051

    A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.... Read more

    Affected Products : easyappointments
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-38053

    A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.... Read more

    Affected Products : easyappointments
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-38054

    A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.... Read more

    Affected Products : easyappointments
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-3287

    A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.... Read more

    Affected Products : easyappointments
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-37418

    Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6.... Read more

    Affected Products : church_admin
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-37424

    Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8.... Read more

    Affected Products :
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-37531

    SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level ... Read more

    • EPSS Score: %4.22
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-38176

    Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successfu... Read more

    • EPSS Score: %0.72
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-39915

    Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF repo... Read more

    Affected Products : thruk
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-39700

    JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their co... Read more

    Affected Products :
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-5618

    Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Apinizer Management Console: before 2024.05.1.... Read more

    Affected Products :
    • Published: Jul. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-43361

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1. ... Read more

    Affected Products : hbys
    • EPSS Score: %0.29
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-43249

    Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4.... Read more

    Affected Products : bit_form
    • Published: Aug. 19, 2024
    • Modified: Sep. 06, 2024
Showing 20 of 291890 Results