Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2024-36287

    Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.... Read more

    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-36349

    A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2010-2393

    Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC.... Read more

    Affected Products : solaris opensolaris
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.8

    LOW
    CVE-2025-36581

    Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information ... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 3.8

    LOW
    CVE-2024-13308

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2.... Read more

    • Published: Jan. 09, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2025-58827

    Improper Control of Generation of Code ('Code Injection') vulnerability in PickPlugins Job Board Manager allows Code Injection. This issue affects Job Board Manager: from n/a through 2.1.61.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2024-45599

    Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly b... Read more

    Affected Products : cursor
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 3.8

    LOW
    CVE-2020-26624

    A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.... Read more

    Affected Products : gila_cms
    • Published: Jan. 02, 2024
    • Modified: Jun. 17, 2025

  • 3.8

    LOW
    CVE-2020-26623

    SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.... Read more

    Affected Products : gila_cms
    • Published: Jan. 02, 2024
    • Modified: Jun. 03, 2025

  • 3.8

    LOW
    CVE-2024-39324

    aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed... Read more

    Affected Products : ai-admin-graphql
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-25527

    Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.... Read more

    Affected Products : pay samsung_pay
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2017-4896

    Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.... Read more

    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 3.8

    LOW
    CVE-2023-41044

    Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle featu... Read more

    Affected Products : graylog
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-3592

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malic... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-39157

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.... Read more

    Affected Products : idccms idccms
    • Published: Jun. 27, 2024
    • Modified: Apr. 15, 2025

  • 3.8

    LOW
    CVE-2023-42419

    Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could po... Read more

    Affected Products :
    • Published: Mar. 05, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2025-32026

    Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get ... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025

  • 3.8

    LOW
    CVE-2025-32971

    XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr scr... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 3.8

    LOW
    CVE-2014-1420

    On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink at... Read more

    Affected Products : ubuntu-ui-toolkit
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-3076

    The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : mm-email2image
    • Published: Apr. 26, 2024
    • Modified: Jun. 10, 2025
Showing 20 of 294538 Results