Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2025-0471

    Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely.... Read more

    Affected Products : pmb
    • Published: Jan. 16, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2021-32834

    Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy s... Read more

    Affected Products : keti
    • EPSS Score: %0.33
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-42001

    PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.... Read more

    Affected Products : pingid_desktop
    • EPSS Score: %0.22
    • Published: Apr. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-39327

    Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility to obtain CA signing in an illegitimate way.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-24677

    Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-20124

    A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the a... Read more

    Affected Products : identity_services_engine
    • Published: Feb. 05, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-1107

    Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a speci... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-24016

    Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI p... Read more

    Affected Products : wazuh
    • Actively Exploited
    • Published: Feb. 10, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-29827

    Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_automation
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-32469

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All ... Read more

    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-33025

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All ... Read more

    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-25015

    Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8... Read more

    Affected Products : kibana
    • Published: Mar. 05, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-26872

    Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-26892

    Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-47282

    Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative p... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-47284

    Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a use... Read more

    Affected Products : gardener
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-47949

    samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by... Read more

    Affected Products : samlify
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-52207

    PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-48169

    Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine allows Remote Code Inclusion. This issue affects Code Engine: from n/a through 0.3.3.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-53213

    Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows Using Malicious Files. This issue affects ReachShip WooCommerce Multi-Carrier & Conditional Shipping: from n/a ... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291615 Results