Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2021-4360

    The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator... Read more

    Affected Products : controlled_admin_access
    • EPSS Score: %0.13
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-25911

    The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters.... Read more

    Affected Products : ak-em100_firmware ak-em100
    • EPSS Score: %0.69
    • Published: Jun. 11, 2023
    • Modified: Jan. 17, 2025

  • 9.9

    CRITICAL
    CVE-2023-35166

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-r... Read more

    Affected Products : xwiki
    • EPSS Score: %30.22
    • Published: Jun. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-34465

    XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration an... Read more

    Affected Products : xwiki
    • EPSS Score: %0.55
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-36460

    Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon's media processing code to create arbitra... Read more

    Affected Products : mastodon
    • EPSS Score: %34.24
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-32231

    An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries gets executed out of a subfolder in C:\Windows\Temp. A standard user can create the folder and path file ahead of time and obtain elevated c... Read more

    Affected Products : printerlogic_client
    • EPSS Score: %0.60
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-40020

    PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions `app/routes/v3/admin.controller.ts` did not correctly verify whether the user was an administrator (High Level) or moderator (Low Level) causing the... Read more

    Affected Products : privateuploader
    • EPSS Score: %0.19
    • Published: Aug. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-40177

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively perfor... Read more

    Affected Products : xwiki
    • EPSS Score: %2.11
    • Published: Aug. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-5223

    A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. T... Read more

    Affected Products : hcode_online_judge
    • EPSS Score: %0.20
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-45162

    Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.  Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply h... Read more

    Affected Products : platform
    • EPSS Score: %0.10
    • Published: Oct. 13, 2023
    • Modified: May. 20, 2025

  • 9.9

    CRITICAL
    CVE-2025-30841

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through 2.8.8.... Read more

    Affected Products : countdown_builder
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2023-20048

    A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is manag... Read more

    • EPSS Score: %2.03
    • Published: Nov. 01, 2023
    • Modified: Nov. 26, 2024

  • 9.9

    CRITICAL
    CVE-2023-45163

    The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM pe... Read more

    Affected Products : platform
    • EPSS Score: %0.10
    • Published: Nov. 06, 2023
    • Modified: Jun. 12, 2025

  • 9.9

    CRITICAL
    CVE-2025-46264

    Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress Podcasting allows Upload a Web Shell to a Web Server. This issue affects PowerPress Podcasting: from n/a through 11.12.5.... Read more

    Affected Products : powerpress
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2015-2079

    Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.... Read more

    Affected Products : usermin usermin
    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2017-16279

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    Affected Products : hub_firmware hub
    • EPSS Score: %0.08
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16320

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more

    Affected Products : hub_firmware hub
    • EPSS Score: %0.08
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-16343

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes... Read more

    Affected Products : hub_firmware insteon_hub_firmware hub
    • EPSS Score: %0.70
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-0238

    A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user port... Read more

    Affected Products : unified_computing_system_director
    • EPSS Score: %5.07
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2016-2396

    The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.... Read more

    • EPSS Score: %0.59
    • Published: Feb. 17, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291891 Results