Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2025-6943

    Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.... Read more

    Affected Products : secret_server
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2023-42237

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-42241

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-42239

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2022-2256

    A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.... Read more

    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-56321

    GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's... Read more

    Affected Products : gocd
    • Published: Jan. 03, 2025
    • Modified: Aug. 01, 2025

  • 3.8

    LOW
    CVE-2018-15532

    SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.... Read more

    Affected Products : synaptics_touchpad_driver
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-39324

    aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed... Read more

    Affected Products : ai-admin-graphql
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-10228

    The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in V... Read more

    Affected Products : vagrant vagrant_vmware_utility
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 3.8

    LOW
    CVE-2024-25351

    SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.... Read more

    Affected Products : zoo_management_system
    • Published: Feb. 28, 2024
    • Modified: Mar. 27, 2025

  • 3.8

    LOW
    CVE-2025-25877

    A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data.... Read more

    Affected Products : simple_chatbox
    • Published: Feb. 21, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2024-34218

    TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.... Read more

    Affected Products : cp450_firmware cp450
    • Published: May. 14, 2024
    • Modified: Apr. 04, 2025

  • 3.8

    LOW
    CVE-2023-5159

    Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2025-6217

    PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtai... Read more

    Affected Products : device_driver
    • Published: Jun. 21, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-8160

    Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This fla... Read more

    Affected Products : axis_os
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 3.8

    LOW
    CVE-2024-29963

    Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries. ... Read more

    Affected Products : brocade_sannav
    • Published: Apr. 19, 2024
    • Modified: Feb. 04, 2025

  • 3.8

    LOW
    CVE-2002-2202

    Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email.... Read more

    Affected Products : outlook_express
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.8

    LOW
    CVE-2020-26625

    A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.... Read more

    Affected Products : gila_cms
    • Published: Jan. 02, 2024
    • Modified: May. 16, 2025

  • 3.8

    LOW
    CVE-2023-29062

    The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-29128

    A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susce... Read more

    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293509 Results