Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2025-22449

    Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2025-0914

    An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configu... Read more

    Affected Products : velociraptor
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2023-23814

    Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 3.8

    LOW
    CVE-2024-36349

    A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-36287

    Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.... Read more

    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-29963

    Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries. ... Read more

    Affected Products : brocade_sannav
    • Published: Apr. 19, 2024
    • Modified: Feb. 04, 2025

  • 3.8

    LOW
    CVE-2024-34218

    TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.... Read more

    Affected Products : cp450_firmware cp450
    • Published: May. 14, 2024
    • Modified: Apr. 04, 2025

  • 3.8

    LOW
    CVE-2024-5030

    The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack... Read more

    Affected Products : cm_table_of_contents
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025

  • 3.8

    LOW
    CVE-2025-8298

    Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU dr... Read more

    Affected Products : wi-fi_usb_driver rtl8811au
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-3076

    The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : mm-email2image
    • Published: Apr. 26, 2024
    • Modified: Jun. 10, 2025

  • 3.8

    LOW
    CVE-2024-2972

    The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin t... Read more

    Affected Products : floating_chat_widget
    • Published: Apr. 24, 2024
    • Modified: May. 08, 2025

  • 3.8

    LOW
    CVE-2018-20927

    cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-56321

    GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's... Read more

    Affected Products : gocd
    • Published: Jan. 03, 2025
    • Modified: Aug. 01, 2025

  • 3.8

    LOW
    CVE-2024-25351

    SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.... Read more

    Affected Products : zoo_management_system
    • Published: Feb. 28, 2024
    • Modified: Mar. 27, 2025

  • 3.8

    LOW
    CVE-2023-29062

    The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-6197

    SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.... Read more

    Affected Products : enable_now
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2015-2651

    Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver.... Read more

    Affected Products : solaris
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.8

    LOW
    CVE-2024-20920

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris ex... Read more

    Affected Products : solaris solaris
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 3.8

    LOW
    CVE-2021-3595

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issu... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-21000

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with net... Read more

    • Published: Apr. 16, 2024
    • Modified: Nov. 27, 2024
Showing 20 of 293428 Results