Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2024-1742

    Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.... Read more

    Affected Products : checkmk checkmk
    • Published: Mar. 22, 2024
    • Modified: Dec. 04, 2024

  • 3.8

    LOW
    CVE-2024-35039

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.... Read more

    Affected Products : idccms idccms
    • Published: May. 16, 2024
    • Modified: Apr. 15, 2025

  • 3.8

    LOW
    CVE-2025-6217

    PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtai... Read more

    Affected Products : device_driver
    • Published: Jun. 21, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-3076

    The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : mm-email2image
    • Published: Apr. 26, 2024
    • Modified: Jun. 10, 2025

  • 3.8

    LOW
    CVE-2024-2972

    The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin t... Read more

    Affected Products : floating_chat_widget
    • Published: Apr. 24, 2024
    • Modified: May. 08, 2025

  • 3.8

    LOW
    CVE-2023-4304

    Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0. ... Read more

    Affected Products : froxlor
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-26592

    Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access.... Read more

    Affected Products : thunderbolt_dch_driver
    • Published: Feb. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-27303

    Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : thunderbolt_dch_driver
    • Published: Feb. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-5470

    An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.... Read more

    Affected Products : gitlab
    • Published: Jul. 11, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2007-1352

    Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.... Read more

    • Published: Apr. 06, 2007
    • Modified: Apr. 09, 2025

  • 3.8

    LOW
    CVE-2023-42235

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-52584

    In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove, spmi_controller will be freed first, an... Read more

    Affected Products : linux_kernel
    • Published: Mar. 06, 2024
    • Modified: Mar. 14, 2025

  • 3.8

    LOW
    CVE-2023-42240

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-42242

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-42238

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-42236

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2022-2307

    A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Acces... Read more

    Affected Products : gitlab
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-25351

    SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.... Read more

    Affected Products : zoo_management_system
    • Published: Feb. 28, 2024
    • Modified: Mar. 27, 2025

  • 3.8

    LOW
    CVE-2016-3159

    The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by le... Read more

    Affected Products : fedora debian_linux xen vm_server
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.8

    LOW
    CVE-2017-18384

    cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293414 Results