Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2020-17363

    USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.... Read more

    Affected Products : usvn
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-15715

    rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.... Read more

    Affected Products : rconfig
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-11091

    An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is a... Read more

    Affected Products : myprocurenet
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-15149

    NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to... Read more

    Affected Products : nodebb
    • Published: Aug. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-14316

    A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case sc... Read more

    Affected Products : openshift_virtualization kubevirt
    • Published: Jul. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-11082

    The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attac... Read more

    Affected Products : tumult_hype_animations
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024

  • 9.9

    CRITICAL
    CVE-2020-13774

    An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extensio... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-10960

    The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with ... Read more

    Affected Products : brizy
    • Published: Feb. 12, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-53251

    Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP allows Upload a Web Shell to a Web Server.This issue affects Pin WP: from n/a before 7.2.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-20051

    Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially craf... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 24, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2020-13126

    An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code exec... Read more

    Affected Products : elementor_page_builder elementor
    • Published: May. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-10731

    A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.... Read more

    Affected Products : openstack openstack_platform
    • Published: Jul. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-5162

    An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, result... Read more

    Affected Products : mxview awk-3131a_firmware awk-3131a
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-2638

    Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily expl... Read more

    Affected Products : general_ledger
    • Published: Apr. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2016-6902

    lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.... Read more

    Affected Products : lshell
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2025-8795

    A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is possible to initiate... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2024-0402

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a wo... Read more

    Affected Products : gitlab
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-6825

    The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback... Read more

    • Published: Mar. 13, 2024
    • Modified: Jan. 21, 2025

  • 9.9

    CRITICAL
    CVE-2025-24290

    Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.... Read more

    Affected Products :
    • Published: Jun. 29, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2024-46479

    Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.... Read more

    Affected Products : supravizio_bpm
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Authentication
Showing 20 of 293289 Results