Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2020-27486

    Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ progra...

    • EPSS Score: 0.56%
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-43632

    As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The ...

    Affected Products : edge_virtualization_engine eve
    • EPSS Score: 0.08%
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2020-15860

    Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected applica...

    Affected Products : remote_application_server
    • EPSS Score: 2.69%
    • Published: Jul. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-29516

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the X...

    Affected Products : xwiki
    • EPSS Score: 20.28%
    • Published: Apr. 19, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-51421

    Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. ...

    Affected Products : verge3d
    • EPSS Score: 0.66%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-51470

    Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.11.1. ...

    Affected Products : rencontre
    • EPSS Score: 0.75%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-3025

    mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outs...

    Affected Products : anythingllm
    • Published: Apr. 10, 2024
    • Modified: Jul. 09, 2025
  • 9.9

    CRITICAL
    CVE-2023-6069

    Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. ...

    Affected Products : froxlor
    • EPSS Score: 0.25%
    • Published: Nov. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-31981

    XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10...

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 21, 2025
  • 9.9

    CRITICAL
    CVE-2023-49830

    Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1. ...

    Affected Products : astra
    • EPSS Score: 0.69%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-36276

    TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database....

    Affected Products : gim
    • EPSS Score: 0.21%
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-37023

    Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpo...

    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024
  • 9.9

    CRITICAL
    CVE-2022-21675

    Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA "Zip Slip"). The vulnerability is exploited using a specially crafted archive tha...

    Affected Products : bytecode_viewer
    • EPSS Score: 1.36%
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-27317

    In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerabi...

    Affected Products : pulsar
    • Published: Mar. 12, 2024
    • Modified: Jan. 19, 2025
  • 9.9

    CRITICAL
    CVE-2024-50529

    Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server. This issue affects Training – Courses: from n/a through 2.0.1....

    Affected Products : training_-_courses
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024
  • 9.9

    CRITICAL
    CVE-2023-32069

    XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched i...

    Affected Products : xwiki
    • EPSS Score: 3.06%
    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-33699

    The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password....

    Affected Products : wbr-6012_firmware wbr-6012
    • Published: Oct. 30, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-3330

    Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitra...

    Affected Products :
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-23603

    iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There ar...

    Affected Products : itunesrpc-remastered
    • EPSS Score: 0.37%
    • Published: Feb. 01, 2022
    • Modified: May. 05, 2025
  • 9.9

    CRITICAL
    CVE-2023-29524

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user ...

    Affected Products : xwiki
    • EPSS Score: 42.20%
    • Published: Apr. 19, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291520 Results