Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2024-34218

    TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.... Read more

    Affected Products : cp450_firmware cp450
    • Published: May. 14, 2024
    • Modified: Apr. 04, 2025

  • 3.8

    LOW
    CVE-2024-5030

    The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack... Read more

    Affected Products : cm_table_of_contents
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025

  • 3.8

    LOW
    CVE-2024-5445

    Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Jan. 07, 2025

  • 3.8

    LOW
    CVE-2024-30142

    HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.... Read more

    Affected Products : bigfix_compliance
    • Published: Nov. 07, 2024
    • Modified: Jun. 17, 2025

  • 3.8

    LOW
    CVE-2023-5159

    Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-45599

    Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly b... Read more

    Affected Products : cursor
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 3.8

    LOW
    CVE-2025-25877

    A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data.... Read more

    Affected Products : simple_chatbox
    • Published: Feb. 21, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2020-26623

    SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.... Read more

    Affected Products : gila_cms
    • Published: Jan. 02, 2024
    • Modified: Jun. 03, 2025

  • 3.8

    LOW
    CVE-2017-4896

    Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.... Read more

    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 3.8

    LOW
    CVE-2020-26624

    A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.... Read more

    Affected Products : gila_cms
    • Published: Jan. 02, 2024
    • Modified: Jun. 17, 2025

  • 3.8

    LOW
    CVE-2024-39324

    aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed... Read more

    Affected Products : ai-admin-graphql
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2020-26229

    TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not pos... Read more

    Affected Products : typo3
    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-0347

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements... Read more

    Affected Products : engineers_online_portal
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-28168

    Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 3.7

    LOW
    CVE-2024-30480

    Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass.This issue affects CGC Maintenance Mode: from n/a through 1.2.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-2482

    A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The m... Read more

    Affected Products : hostel_management_system
    • Published: Mar. 15, 2024
    • Modified: Jan. 23, 2025

  • 3.7

    LOW
    CVE-2022-48366

    An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.... Read more

    • Published: Mar. 12, 2023
    • Modified: Mar. 04, 2025

  • 3.7

    LOW
    CVE-2001-1085

    Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : lmail
    • Published: Jul. 05, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2000-1096

    crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute a... Read more

    Affected Products : vixie_cron
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2004-1683

    A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap.... Read more

    Affected Products : rtos
    • Published: Sep. 13, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293589 Results