Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2023-45716

    Sametime is impacted by sensitive information passed in URL. ... Read more

    Affected Products : sametime
    • Published: Feb. 09, 2024
    • Modified: Jun. 03, 2025

  • 4.1

    MEDIUM
    CVE-2024-24742

    SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site S... Read more

    Affected Products : crm_-_webclient_ui
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-6120

    The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary loca... Read more

    • Published: Dec. 09, 2023
    • Modified: Feb. 20, 2025

  • 4.1

    MEDIUM
    CVE-2025-4573

    Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execut... Read more

    Affected Products : mattermost_server
    • Published: Jun. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2025-48470

    Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, o... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2024-2728

    Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.... Read more

    Affected Products :
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-21178

    In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: Android... Read more

    Affected Products : android
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-3502

    Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of paramet... Read more

    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2018-2773

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attack... Read more

    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-44255

    An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read e... Read more

    • Published: Nov. 12, 2024
    • Modified: Jan. 21, 2025

  • 4.1

    MEDIUM
    CVE-2021-44166

    An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, ev... Read more

    Affected Products : fortitoken_mobile
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-34664

    Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.... Read more

    Affected Products : android
    • Published: Oct. 08, 2024
    • Modified: Jul. 17, 2025

  • 4.1

    MEDIUM
    CVE-2023-29194

    Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive ... Read more

    Affected Products : vitess
    • Published: Apr. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-49822

    IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    • Published: Mar. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.1

    MEDIUM
    CVE-2013-6714

    The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of servi... Read more

    Affected Products : tivoli_storage_flashcopy_manager
    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2025-48710

    kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and r... Read more

    Affected Products :
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 4.1

    MEDIUM
    CVE-2025-3951

    The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress config... Read more

    Affected Products : wp-optimize
    • Published: Jun. 02, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2019-6512

    An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the exis... Read more

    Affected Products : api_manager
    • Published: May. 14, 2019
    • Modified: May. 30, 2025

  • 4.1

    MEDIUM
    CVE-2017-9637

    Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection str... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-56275

    Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14.... Read more

    Affected Products : envato_elements
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 294454 Results