Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2025-0781

    An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.... Read more

    Affected Products : debian_linux simgear
    • Published: Jan. 28, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2024-9014

    pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.... Read more

    Affected Products : pgadmin
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 9.9

    CRITICAL
    CVE-2024-8672

    The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due... Read more

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024

  • 9.9

    CRITICAL
    CVE-2024-8614

    The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated ... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 9.9

    CRITICAL
    CVE-2024-6386

    The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it p... Read more

    Affected Products : wpml
    • Published: Aug. 21, 2024
    • Modified: Sep. 27, 2024

  • 9.9

    CRITICAL
    CVE-2024-6327

    In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.... Read more

    • Published: Jul. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-5853

    The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible ... Read more

    Affected Products : sirv
    • Published: Jun. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-0022

    SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may... Read more

    • Published: Jan. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-46641

    D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.... Read more

    Affected Products : dir-846_firmware dir-846
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.9

    CRITICAL
    CVE-2018-3876

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An atta... Read more

    Affected Products : sth-eth-250_firmware sth-eth-250
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-44588

    Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress. ... Read more

    Affected Products : cryptocurrency_widgets_pack
    • Published: Dec. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-43546

    A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V... Read more

    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-43404

    A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scr... Read more

    Affected Products : script_security
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-43403

    A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass... Read more

    Affected Products : script_security
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-42925

    There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnera... Read more

    Affected Products : formalms
    • Published: Oct. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-41928

    XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. T... Read more

    Affected Products : xwiki
    • Published: Nov. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-41931

    xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python... Read more

    Affected Products : xwiki
    • Published: Nov. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-41681

    There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerab... Read more

    Affected Products : formalms
    • Published: Oct. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-41203

    In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, w... Read more

    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-41272

    An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services... Read more

    Affected Products : netweaver_process_integration
    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293179 Results