Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2023-3584

    Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override s... Read more

    Affected Products : mattermost_server mattermost
    • EPSS Score: %0.12
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-46824

    The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit e... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-6524

    A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack t... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2023-49619

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will o... Read more

    Affected Products : answer
    • EPSS Score: %0.98
    • Published: Jan. 10, 2024
    • Modified: Jun. 11, 2025

  • 3.1

    LOW
    CVE-2024-53701

    Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen ... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 3.1

    LOW
    CVE-2016-9471

    Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical username... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.27
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2025-1207

    A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service. The attack needs to be done within the local networ... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2024-41945

    fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the `fund... Read more

    Affected Products :
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-10527

    The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with S... Read more

    Affected Products : spacer
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2016-7199

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • EPSS Score: %16.59
    • Published: Nov. 10, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2024-6996

    Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Mar. 13, 2025

  • 3.1

    LOW
    CVE-2024-42194

    An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 3.1

    LOW
    CVE-2023-47634

    Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement. To e... Read more

    Affected Products : decidim
    • Published: Feb. 29, 2024
    • Modified: Feb. 14, 2025

  • 3.1

    LOW
    CVE-2016-9697

    An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960... Read more

    Affected Products : rational_rhapsody_design_manager
    • EPSS Score: %0.18
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2022-41963

    BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their acce... Read more

    Affected Products : bigbluebutton
    • EPSS Score: %0.04
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2019-10397

    Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.... Read more

    Affected Products : aqua_security_severless_scanner
    • EPSS Score: %0.03
    • Published: Sep. 12, 2019
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2023-31331

    Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 3.0

    LOW
    CVE-2024-42350

    Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 3.0

    LOW
    CVE-2023-6950

    An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service att... Read more

    Affected Products :
    • Published: Apr. 02, 2024
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2024-24901

    Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.... Read more

    Affected Products : powerscale_onefs
    • Published: Mar. 04, 2024
    • Modified: Jan. 08, 2025
Showing 20 of 291634 Results