Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2025-53251

    Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP allows Upload a Web Shell to a Web Server.This issue affects Pin WP: from n/a before 7.2.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-20051

    Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially craf... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 24, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2020-13126

    An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code exec... Read more

    Affected Products : elementor_page_builder elementor
    • Published: May. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-10731

    A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.... Read more

    Affected Products : openstack openstack_platform
    • Published: Jul. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-5162

    An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, result... Read more

    Affected Products : mxview awk-3131a_firmware awk-3131a
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-2638

    Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily expl... Read more

    Affected Products : general_ledger
    • Published: Apr. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2016-6902

    lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.... Read more

    Affected Products : lshell
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2025-8795

    A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is possible to initiate... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2024-0402

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a wo... Read more

    Affected Products : gitlab
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-6825

    The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback... Read more

    • Published: Mar. 13, 2024
    • Modified: Jan. 21, 2025

  • 9.9

    CRITICAL
    CVE-2025-24290

    Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.... Read more

    Affected Products :
    • Published: Jun. 29, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2024-46479

    Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.... Read more

    Affected Products : supravizio_bpm
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-0070

    SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can ... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2024-57726

    SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.... Read more

    Affected Products : simplehelp
    • Published: Jan. 15, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-0471

    Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely.... Read more

    Affected Products : pmb
    • Published: Jan. 16, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2019-1365

    An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to ex... Read more

    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-42001

    PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.... Read more

    Affected Products : pingid_desktop
    • Published: Apr. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2025-20124

    A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the a... Read more

    Affected Products : identity_services_engine
    • Published: Feb. 05, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-1107

    Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a speci... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-24016

    Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI p... Read more

    Affected Products : wazuh
    • Actively Exploited
    • Published: Feb. 10, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292793 Results