Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2024-10228

    The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in V... Read more

    Affected Products : vagrant vagrant_vmware_utility
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 3.8

    LOW
    CVE-2024-3628

    The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : easyevent
    • Published: May. 07, 2024
    • Modified: May. 09, 2025

  • 3.8

    LOW
    CVE-2025-46094

    LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.... Read more

    Affected Products : liquidfiles
    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal

  • 3.8

    LOW
    CVE-2025-53971

    Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API ... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2021-3592

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malic... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2022-23721

    PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.... Read more

    • Published: Apr. 25, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2022-21295

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2025-24388

    A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow parameter injection due to for an autheniticated agent or admin user. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X ... Read more

    Affected Products : otrs
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2025-0914

    An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configu... Read more

    Affected Products : velociraptor
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2025-22449

    Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2024-13116

    The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : crelly_slider
    • Published: Jan. 27, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2023-42240

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2022-2307

    A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Acces... Read more

    Affected Products : gitlab
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-31144

    For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata ... Read more

    Affected Products : xen
    • Published: Feb. 14, 2025
    • Modified: Apr. 26, 2025
    • Vuln Type: Misconfiguration

  • 3.8

    LOW
    CVE-2024-51324

    An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 3.8

    LOW
    CVE-2024-4028

    A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2024-55592

    An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all ver... Read more

    Affected Products : fortisiem
    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2024-8160

    Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This fla... Read more

    Affected Products : axis_os
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 3.8

    LOW
    CVE-2016-3159

    The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by le... Read more

    Affected Products : fedora debian_linux xen vm_server
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.8

    LOW
    CVE-2017-18384

    cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293673 Results