Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2021-32017

    An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and fi... Read more

    Affected Products : asset_management
    • EPSS Score: %0.23
    • Published: Aug. 03, 2021
    • Modified: May. 30, 2025

  • 9.9

    CRITICAL
    CVE-2022-41976

    An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.... Read more

    Affected Products : scada-lts
    • EPSS Score: %0.45
    • Published: Apr. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-30537

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki ... Read more

    Affected Products : xwiki
    • EPSS Score: %2.15
    • Published: Apr. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-34207

    Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a cra... Read more

    Affected Products : mailhunter_ultimate
    • EPSS Score: %0.29
    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-22647

    An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions t... Read more

    Affected Products : rancher rancher
    • EPSS Score: %0.58
    • Published: Jun. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-43632

    As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The ... Read more

    Affected Products : edge_virtualization_engine eve
    • EPSS Score: %0.08
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-15860

    Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected applica... Read more

    Affected Products : remote_application_server
    • EPSS Score: %2.69
    • Published: Jul. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-29516

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the X... Read more

    Affected Products : xwiki
    • EPSS Score: %20.28
    • Published: Apr. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-51421

    Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. ... Read more

    Affected Products : verge3d
    • EPSS Score: %0.66
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-51470

    Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1. ... Read more

    Affected Products : rencontre
    • EPSS Score: %0.75
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-3025

    mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outs... Read more

    Affected Products : anythingllm
    • Published: Apr. 10, 2024
    • Modified: Jul. 09, 2025

  • 9.9

    CRITICAL
    CVE-2023-6069

    Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. ... Read more

    Affected Products : froxlor
    • EPSS Score: %0.25
    • Published: Nov. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-31981

    XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10... Read more

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 21, 2025

  • 9.9

    CRITICAL
    CVE-2022-36276

    TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.... Read more

    Affected Products : gim
    • EPSS Score: %0.21
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-37023

    Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpo... Read more

    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024

  • 9.9

    CRITICAL
    CVE-2022-21675

    Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA "Zip Slip"). The vulnerability is exploited using a specially crafted archive tha... Read more

    Affected Products : bytecode_viewer
    • EPSS Score: %1.36
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-50529

    Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through 2.0.1.... Read more

    Affected Products : training_-_courses
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 9.9

    CRITICAL
    CVE-2023-32069

    XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched i... Read more

    Affected Products : xwiki
    • EPSS Score: %3.06
    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-33699

    The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password.... Read more

    Affected Products : wbr-6012_firmware wbr-6012
    • Published: Oct. 30, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-3330

    Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitra... Read more

    Affected Products :
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292735 Results