Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2022-24768

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-l... Read more

    Affected Products : argo-cd argo_cd
    • EPSS Score: %0.38
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-23603

    iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There ar... Read more

    Affected Products : itunesrpc-remastered
    • EPSS Score: %0.37
    • Published: Feb. 01, 2022
    • Modified: May. 05, 2025

  • 9.9

    CRITICAL
    CVE-2023-22731

    Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to c... Read more

    Affected Products : shopware
    • EPSS Score: %6.27
    • Published: Jan. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-21809

    A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.... Read more

    Affected Products : inrouter302_firmware inrouter302
    • EPSS Score: %1.42
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-20777

    Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host t... Read more

    • EPSS Score: %13.77
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-1810

    Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.... Read more

    Affected Products : publify
    • EPSS Score: %0.06
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-1680

    An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCI... Read more

    Affected Products : gitlab
    • EPSS Score: %10.77
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-0767

    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.... Read more

    Affected Products : calibre-web calibre-web
    • EPSS Score: %0.20
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-0415

    Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.... Read more

    Affected Products : gogs
    • EPSS Score: %79.33
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-43802

    Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a... Read more

    Affected Products : etherpad
    • EPSS Score: %0.55
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-43362

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1. ... Read more

    Affected Products : hbys
    • EPSS Score: %0.29
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-42952

    Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets ... Read more

    Affected Products : zepl
    • EPSS Score: %2.85
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-42369

    Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.... Read more

    Affected Products : imagicle_uc_suite
    • EPSS Score: %0.70
    • Published: Oct. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-43406

    A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to ... Read more

    Affected Products : groovy_libraries
    • EPSS Score: %0.13
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-3781

    A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the cont... Read more

    Affected Products : fedora ghostscript
    • EPSS Score: %6.19
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-52408

    Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.9

    CRITICAL
    CVE-2024-52384

    Unrestricted Upload of File with Dangerous Type vulnerability in Sage AI Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Da... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 9.9

    CRITICAL
    CVE-2025-49113

    Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.... Read more

    Affected Products : webmail roundcube
    • Published: Jun. 02, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-26512

    SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.... Read more

    Affected Products : snapcenter
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2021-38450

    The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.... Read more

    • EPSS Score: %0.28
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292319 Results