Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-6050

    Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before includi... Read more

    Affected Products : mezzanine
    • Published: Jun. 17, 2025
    • Modified: Jul. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-27926

    A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.... Read more

    Affected Products : collaboration
    • Actively Exploited
    • EPSS Score: %94.28
    • Published: Apr. 21, 2022
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2022-33891

    The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path ... Read more

    Affected Products : spark
    • Actively Exploited
    • EPSS Score: %93.10
    • Published: Jul. 18, 2022
    • Modified: Jul. 30, 2025

  • 9.6

    CRITICAL
    CVE-2022-3075

    Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora chrome edge_chromium
    • Actively Exploited
    • EPSS Score: %1.33
    • Published: Sep. 26, 2022
    • Modified: Jul. 30, 2025

  • 5.8

    MEDIUM
    CVE-2024-20293

    A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offere... Read more

    • Published: May. 22, 2024
    • Modified: Jul. 30, 2025

  • 5.0

    MEDIUM
    CVE-2024-20355

    A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to su... Read more

    • Published: May. 22, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2018-1273

    Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can... Read more

    • Actively Exploited
    • EPSS Score: %94.01
    • Published: Apr. 11, 2018
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-2244

    A vulnerability in the sendMailFromRemoteSource method in Emails.php  as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger... Read more

    Affected Products : gravityzone
    • Published: Apr. 04, 2025
    • Modified: Jul. 30, 2025

  • 7.3

    HIGH
    CVE-2025-2243

    A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for ... Read more

    Affected Products : gravityzone
    • Published: Apr. 04, 2025
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2019-0880

    A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.... Read more

    • Actively Exploited
    • EPSS Score: %1.37
    • Published: Jul. 15, 2019
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2019-6693

    Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data... Read more

    Affected Products : fortios
    • Actively Exploited
    • EPSS Score: %74.88
    • Published: Nov. 21, 2019
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2020-11738

    The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.... Read more

    Affected Products : duplicator
    • Actively Exploited
    • EPSS Score: %94.23
    • Published: Apr. 13, 2020
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2020-16009

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    • Actively Exploited
    • EPSS Score: %80.72
    • Published: Nov. 03, 2020
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2020-16013

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome
    • Actively Exploited
    • EPSS Score: %25.50
    • Published: Jan. 08, 2021
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2020-8195

    Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low... Read more

    • Actively Exploited
    • EPSS Score: %85.27
    • Published: Jul. 10, 2020
    • Modified: Jul. 30, 2025

  • 7.2

    HIGH
    CVE-2020-8218

    A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.... Read more

    • Actively Exploited
    • EPSS Score: %91.07
    • Published: Jul. 30, 2020
    • Modified: Jul. 30, 2025

  • 9.1

    CRITICAL
    CVE-2024-4253

    A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized ... Read more

    Affected Products : gradio video
    • Published: Jun. 04, 2024
    • Modified: Jul. 30, 2025

  • 9.3

    CRITICAL
    CVE-2025-1987

    A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a... Read more

    Affected Products : psono_client securepass
    • Published: Jun. 21, 2025
    • Modified: Jul. 30, 2025

  • 7.2

    HIGH
    CVE-2021-20022

    SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.... Read more

    • Actively Exploited
    • EPSS Score: %46.26
    • Published: Apr. 09, 2021
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-20038

    A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200,... Read more

    • Actively Exploited
    • EPSS Score: %94.29
    • Published: Dec. 08, 2021
    • Modified: Jul. 30, 2025
Showing 20 of 291024 Results