Latest CVE Feed
- 9.9 CRITICAL CVE-2022-39366
  DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Met...
  Affected Products: datahub
  Published: Oct. 28, 2022
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2024-25909
  Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. ...
  Affected Products: wp_media_folder
  Published: Feb. 26, 2024
  Modified: May. 08, 2025
- 9.9 CRITICAL CVE-2024-2599
  File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. ...
  Affected Products: amss++
  Published: Mar. 18, 2024
  Modified: Apr. 17, 2025
- 9.9 CRITICAL CVE-2023-1782
  HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3. ...
  Affected Products: nomad
  Published: Apr. 05, 2023
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-7047
  The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator w...
  Affected Products: wp_database_reset
  Published: Jan. 16, 2020
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2024-30228
  Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core. This issue affects Hercules Core: from n/a through 6.4. ...
  Published: Mar. 28, 2024
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2025-46093
  LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration. ...
  Affected Products: liquidfiles
  Published: Aug. 04, 2025
  Modified: Aug. 07, 2025
  Vuln Type: Authentication
- 9.9 CRITICAL CVE-2018-20162
  Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. ...
  Published: Mar. 21, 2019
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2019-7001
  A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x ...
  Affected Products: ip_office_contact_center
  Published: Apr. 04, 2019
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-7741
  This affects the package hellojs before 1.18.6. The code gets the param oauth_redirect from the URL and passes it to location.assign without any check or sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript...
  Affected Products: hello.js
  Published: Oct. 06, 2020
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2024-51482
  ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65. ...
  Affected Products: zoneminder
  Published: Oct. 31, 2024
  Modified: Nov. 05, 2024
- 9.9 CRITICAL CVE-2024-33644
  Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection. This issue affects Customify Site Library: from n/a through 0.0.9. ...
  Published: May. 17, 2024
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2025-47658
  Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a t...
  Affected Products: wsdesk
  Published: May. 23, 2025
  Modified: May. 23, 2025
  Vuln Type: Misconfiguration
- 9.9 CRITICAL CVE-2023-5964
  The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code...
  Affected Products: platform
  Published: Nov. 06, 2023
  Modified: May. 20, 2025
- 9.9 CRITICAL CVE-2017-16290
  Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ...
  Published: Jan. 11, 2023
  Modified: Apr. 09, 2025
- 9.9 CRITICAL CVE-2018-3902
  An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a ...
  Published: Aug. 23, 2018
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2023-29212
  XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper e...
  Affected Products: xwiki
  Published: Apr. 16, 2023
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2024-41110
  Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumsta...
  Affected Products: moby
  Published: Jul. 24, 2024
  Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2025-58745
  WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint `/html/socio/sistema/controller/controla_xlsx.p...
  Affected Products: wegia
  Published: Sep. 08, 2025
  Modified: Sep. 09, 2025
  Vuln Type: Misconfiguration
- 9.9 CRITICAL CVE-2025-42922
  SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of ...
  Published: Sep. 09, 2025
  Modified: Sep. 09, 2025
  Vuln Type: Authentication