Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2024-35039

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.... Read more

    Affected Products : idccms idccms
    • Published: May. 16, 2024
    • Modified: Apr. 15, 2025

  • 3.8

    LOW
    CVE-2024-25351

    SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.... Read more

    Affected Products : zoo_management_system
    • Published: Feb. 28, 2024
    • Modified: Mar. 27, 2025

  • 3.8

    LOW
    CVE-2023-29128

    A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susce... Read more

    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2025-3456

    On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-... Read more

    Affected Products : eos
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2025-53971

    Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API ... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2025-36581

    Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information ... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 3.8

    LOW
    CVE-2023-4304

    Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0. ... Read more

    Affected Products : froxlor
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-1742

    Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.... Read more

    Affected Products : checkmk checkmk
    • Published: Mar. 22, 2024
    • Modified: Dec. 04, 2024

  • 3.8

    LOW
    CVE-2025-58827

    Improper Control of Generation of Code ('Code Injection') vulnerability in PickPlugins Job Board Manager allows Code Injection. This issue affects Job Board Manager: from n/a through 2.1.61.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2024-6219

    Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.... Read more

    Affected Products : lxd
    • Published: Dec. 06, 2024
    • Modified: Aug. 28, 2025

  • 3.8

    LOW
    CVE-2024-13308

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2.... Read more

    • Published: Jan. 09, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2017-4896

    Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.... Read more

    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 3.8

    LOW
    CVE-2022-23721

    PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.... Read more

    • Published: Apr. 25, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2022-21295

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2018-15532

    SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.... Read more

    Affected Products : synaptics_touchpad_driver
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-38660

    Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 3.8

    LOW
    CVE-2025-32971

    XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr scr... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 3.8

    LOW
    CVE-2022-22450

    IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.... Read more

    • Published: Jul. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2025-6217

    PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtai... Read more

    Affected Products : device_driver
    • Published: Jun. 21, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-5030

    The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack... Read more

    Affected Products : cm_table_of_contents
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025
Showing 20 of 293659 Results