Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2024-48929

    Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and ... Read more

    Affected Products : umbraco_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 4.2

    MEDIUM
    CVE-2024-42795

    An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 4.2

    MEDIUM
    CVE-2021-43221

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-26708

    There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service.... Read more

    Affected Products :
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2024-21808

    Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 4.2

    MEDIUM
    CVE-2025-52712

    Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Path Traversal. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 4.2

    MEDIUM
    CVE-2025-23301

    NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-58067

    Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this U... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-46336

    Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may ... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2025-52880

    Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epu... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2025-2440

    CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in fa... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Information Disclosure

  • 4.2

    MEDIUM
    CVE-2024-11197

    The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attacke... Read more

    Affected Products : lock_user_account
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2019-14353

    On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a... Read more

    Affected Products : one_firmware one
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-33009

    SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impa... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-3318

    A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access fi... Read more

    Affected Products :
    • Published: May. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-41597

    Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.... Read more

    Affected Products : processwire
    • Published: Jul. 19, 2024
    • Modified: Jul. 09, 2025

  • 4.2

    MEDIUM
    CVE-2024-31965

    A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversa... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2021-33881

    On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific ap... Read more

    • Published: Jun. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-20026

    In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:... Read more

    Affected Products : android mt6779 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 mt6739 +10 more products
    • Published: Mar. 04, 2024
    • Modified: Apr. 22, 2025

  • 4.2

    MEDIUM
    CVE-2023-20845

    In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID... Read more

    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292845 Results