Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2023-39424

    A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability r...

    • EPSS Score: 0.41%
    • Published: Sep. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-38702

    Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the s...

    Affected Products : knowage
    • EPSS Score: 0.27%
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-38547

    A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configurati...

    Affected Products : one
    • EPSS Score: 10.65%
    • Published: Nov. 07, 2023
    • Modified: Mar. 06, 2025
  • 9.9

    CRITICAL
    CVE-2025-2945

    Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint...

    Affected Products : pgadmin
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Misconfiguration
  • 9.9

    CRITICAL
    CVE-2023-37914

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution inc...

    Affected Products : xwiki
    • EPSS Score: 4.32%
    • Published: Aug. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2025-0066

    Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, ...

    Affected Products : netweaver_application_server_abap
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Information Disclosure
  • 9.9

    CRITICAL
    CVE-2024-6678

    An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certai...

    Affected Products : gitlab
    • Published: Sep. 12, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-28476

    Windows Hyper-V Remote Code Execution Vulnerability...

    • EPSS Score: 63.20%
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-37271

    RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessi...

    Affected Products : restrictedpython
    • EPSS Score: 0.23%
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-40714

    A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements...

    Affected Products : fortisiem
    • Published: Apr. 02, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal
  • 9.9

    CRITICAL
    CVE-2024-42327

    A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called fro...

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024
  • 9.9

    CRITICAL
    CVE-2024-39931

    Gogs through 0.13.0 allows deletion of internal files....

    Affected Products : gogs
    • Published: Jul. 04, 2024
    • Modified: Apr. 10, 2025
  • 9.9

    CRITICAL
    CVE-2024-12828

    Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exist...

    Affected Products : webmin
    • Published: Dec. 30, 2024
    • Modified: Aug. 14, 2025
  • 9.9

    CRITICAL
    CVE-2023-36468

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some ...

    Affected Products : xwiki
    • EPSS Score: 7.19%
    • Published: Jun. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2018-3919

    An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fi...

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: 0.30%
    • Published: Aug. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2018-3865

    An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. A...

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: 0.39%
    • Published: Sep. 20, 2018
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-34063

    Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. ...

    Affected Products : cloud_foundation aria_automation
    • EPSS Score: 0.17%
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 9.9

    CRITICAL
    CVE-2023-31415

    Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary command...

    Affected Products : kibana
    • EPSS Score: 0.62%
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025
  • 9.9

    CRITICAL
    CVE-2023-25765

    In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code ...

    Affected Products : email_extension
    • EPSS Score: 0.03%
    • Published: Feb. 15, 2023
    • Modified: Mar. 19, 2025
  • 9.9

    CRITICAL
    CVE-2023-25616

    In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileg...

    • EPSS Score: 0.47%
    • Published: Mar. 14, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292628 Results