Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • CVE-2022-30534 (CVSS 9.9, CRITICAL)

    An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to...

    Affected Products: avideo
    • EPSS Score: 35.16%
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024
  • CVE-2025-23211 (CVSS 9.9, CRITICAL)

    Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server, in the case of the provided Docker Compose file as root. This vulnerability...

    Affected Products: recipes
    • Published: Jan. 28, 2025
    • Modified: May 08, 2025
    • Vuln Type: Injection
  • CVE-2017-16267 (CVSS 9.9, CRITICAL)

    Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ...

    Affected Products: hub_firmware hub
    • EPSS Score: 0.08%
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024
  • CVE-2023-29209 (CVSS 9.9, CRITICAL)

    XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XW...

    Affected Products: xwiki
    • EPSS Score: 2.55%
    • Published: Apr. 15, 2023
    • Modified: Nov. 21, 2024
  • CVE-2023-40622 (CVSS 9.9, CRITICAL)

    SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain conditions allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker c...

    • EPSS Score: 0.13%
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024
  • CVE-2024-25108 (CVSS 9.9, CRITICAL)

    Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator fun...

    Affected Products: pixelfed
    • EPSS Score: 0.08%
    • Published: Feb. 12, 2024
    • Modified: Nov. 21, 2024
  • CVE-2022-1467 (CVSS 9.9, CRITICAL)

    Windows OS can be configured to overlay a "language bar" on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere a...

    • EPSS Score: 0.28%
    • Published: May 23, 2022
    • Modified: Nov. 21, 2024
  • CVE-2022-25759 (CVSS 9.9, CRITICAL)

    The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload....

    Affected Products: convert-svg-core
    • EPSS Score: 1.65%
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024
  • CVE-2022-26042 (CVSS 9.9, CRITICAL)

    An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger t...

    • EPSS Score: 2.63%
    • Published: May 12, 2022
    • Modified: Nov. 21, 2024
  • CVE-2022-28802 (CVSS 9.9, CRITICAL)

    Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally grant...

    Affected Products: code_by_zapier
    • EPSS Score: 0.90%
    • Published: Sep. 21, 2022
    • Modified: May 27, 2025
  • CVE-2020-4077 (CVSS 9.9, CRITICAL)

    In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIs...

    Affected Products: electron
    • EPSS Score: 0.44%
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
  • CVE-2022-43757 (CVSS 9.9, CRITICAL)

    A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Ran...

    Affected Products: rancher rancher
    • EPSS Score: 0.06%
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024
  • CVE-2022-1571 (CVSS 9.9, CRITICAL)

    Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be exploited to execute arbitrary JavaScript code to steal the user's cookie, perform HTTP requests, get content of `same origin` p...

    Affected Products: facturascripts
    • EPSS Score: 0.30%
    • Published: May 04, 2022
    • Modified: Nov. 21, 2024
  • CVE-2019-13343 (CVSS 9.9, CRITICAL)

    Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsib...

    Affected Products: portal
    • EPSS Score: 0.61%
    • Published: Oct. 02, 2019
    • Modified: Nov. 21, 2024
  • CVE-2017-10404 (CVSS 9.9, CRITICAL)

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker ...

    • EPSS Score: 1.04%
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
  • CVE-2020-15715 (CVSS 9.9, CRITICAL)

    rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter....

    Affected Products: rconfig
    • EPSS Score: 2.60%
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • CVE-2023-22651 (CVSS 9.9, CRITICAL)

    Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security ...

    Affected Products: rancher rancher
    • EPSS Score: 0.19%
    • Published: May 04, 2023
    • Modified: Jan. 29, 2025
  • CVE-2018-15761 (CVSS 9.9, CRITICAL)

    Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contain a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arb...

    • EPSS Score: 0.53%
    • Published: Nov. 19, 2018
    • Modified: Nov. 21, 2024
  • CVE-2024-32764 (CVSS 9.9, CRITICAL)

    A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerabi...

    Affected Products: myqnapcloud_link
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024
  • CVE-2022-32572 (CVSS 9.9, CRITICAL)

    An OS command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trig...

    Affected Products: avideo
    • EPSS Score: 10.00%
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291400 Results