Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2021-43928

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands... Read more

    Affected Products : mail_station
    • EPSS Score: %1.06
    • Published: Feb. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-41681

    There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerab... Read more

    Affected Products : formalms
    • EPSS Score: %0.58
    • Published: Oct. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-6513

    The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.... Read more

    Affected Products : whmcs_reseller_module virtualizor
    • EPSS Score: %0.81
    • Published: Mar. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2023-27881

    A user could use the “Upload Resource” functionality to upload files to any location on the disk. ... Read more

    Affected Products : vuforia_studio
    • EPSS Score: %0.06
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-29510

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translati... Read more

    Affected Products : xwiki
    • EPSS Score: %3.02
    • Published: Apr. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-35150

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programmi... Read more

    Affected Products : xwiki
    • EPSS Score: %33.48
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-14316

    A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case sc... Read more

    Affected Products : openshift_virtualization kubevirt
    • EPSS Score: %0.39
    • Published: Jul. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-39424

    A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability r... Read more

    • EPSS Score: %0.41
    • Published: Sep. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-34827

    Carel Boss Mini 1.5.0 has Improper Access Control.... Read more

    Affected Products : boss_mini_firmware boss_mini
    • EPSS Score: %0.09
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 9.9

    CRITICAL
    CVE-2020-15149

    NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to... Read more

    Affected Products : nodebb
    • EPSS Score: %0.44
    • Published: Aug. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-26475

    XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the do... Read more

    Affected Products : xwiki
    • EPSS Score: %29.36
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-46808

    An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. ... Read more

    Affected Products : neurons_for_itsm
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-31465

    XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceCl... Read more

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 09, 2025

  • 9.9

    CRITICAL
    CVE-2024-3342

    The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied par... Read more

    Affected Products : timetable_and_event_schedule
    • Published: Apr. 27, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-5201

    The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This r... Read more

    Affected Products : openhook
    • EPSS Score: %6.66
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-52219

    Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects Gecka Terms Thumbnails: from n/a through 1.1. ... Read more

    Affected Products : terms_thumbnails
    • EPSS Score: %0.63
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-37091

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elemen... Read more

    Affected Products : consulting_elementor_widgets
    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-20777

    Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host t... Read more

    • EPSS Score: %13.77
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-4197

    An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.... Read more

    Affected Products : ip_office
    • Published: Jun. 25, 2024
    • Modified: Jan. 21, 2025

  • 9.9

    CRITICAL
    CVE-2023-30899

    A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All... Read more

    Affected Products : siveillance_video
    • EPSS Score: %1.99
    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291564 Results