Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2021-2447

    Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...

    Affected Products : secure_global_desktop
    • EPSS Score: %1.77
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-1770

    Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2....

    Affected Products : trudesk
    • EPSS Score: %0.28
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-32829

    ZStack is open source IaaS (infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Exe...

    Affected Products : zstack rest_api
    • EPSS Score: %1.39
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-40358

    A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (...

    Affected Products : simatic_wincc simatic_pcs_7
    • EPSS Score: %0.58
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-43684

    ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to P...

    Affected Products : servicenow
    • EPSS Score: %0.22
    • Published: Jun. 13, 2023
    • Modified: Feb. 13, 2025
  • 9.9

    CRITICAL
    CVE-2023-31090

    Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server. This issue affects Unlimited Elements For Elementor (Free Widg...

    • Published: Apr. 24, 2024
    • Modified: Feb. 05, 2025
  • 9.9

    CRITICAL
    CVE-2022-44588

    Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress. ...

    Affected Products : cryptocurrency_widgets_pack
    • EPSS Score: %0.14
    • Published: Dec. 15, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-35152

    XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights...

    Affected Products : xwiki
    • EPSS Score: %0.91
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-40029

    Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in `kubectl.kubernetes.io/last-applied-configuration` annotatio...

    • EPSS Score: %0.69
    • Published: Sep. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-4037

    Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter....

    Affected Products : conacwin
    • EPSS Score: %0.04
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-43362

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection. This issue affects HBYS: from unspecified before 1.1. ...

    Affected Products : hbys
    • EPSS Score: %0.29
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-23619

    Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not hand...

    Affected Products : modelina
    • EPSS Score: %0.22
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-27874

    IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845....

    Affected Products : linux_kernel aspera_faspex
    • EPSS Score: %0.14
    • Published: Mar. 21, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-51417

    Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3. ...

    Affected Products : jvm_gutenberg_rich_text_icons
    • EPSS Score: %0.66
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-37425

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion....

    Affected Products : linux_kernel opennebula
    • EPSS Score: %4.60
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-25311

    condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root....

    Affected Products : htcondor
    • EPSS Score: %2.77
    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-1644

    Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI. ...

    Affected Products : suitecrm
    • Published: Feb. 20, 2024
    • Modified: Dec. 31, 2024
  • 9.9

    CRITICAL
    CVE-2024-31997

    XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user'...

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 09, 2025
  • 9.9

    CRITICAL
    CVE-2024-27972

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection. This issue affects WP Fusion Lite: from n/a through 3.41.24. ...

    Affected Products : wp_fusion
    • Published: Apr. 03, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-26075

    An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests ...

    • EPSS Score: %9.34
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291513 Results