Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2024-7296

    An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowe... Read more

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-27398

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privi... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 2.7

    LOW
    CVE-2025-48370

    auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead... Read more

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Path Traversal

  • 2.7

    LOW
    CVE-2025-46777

    A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secre... Read more

    Affected Products : fortiportal
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2023-21874

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr... Read more

    Affected Products : mysql mysql_server
    • EPSS Score: %0.04
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-2570

    Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via S... Read more

    Affected Products : mattermost_server
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-38822

    Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2024-36464

    When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 2.7

    LOW
    CVE-2024-10492

    A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 2.7

    LOW
    CVE-2015-2115

    Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : capture_and_route_software
    • EPSS Score: %0.10
    • Published: Apr. 27, 2015
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2023-21963

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with net... Read more

    Affected Products : mysql mysql_server
    • EPSS Score: %0.06
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-23600

    Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-35403

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules... Read more

    Affected Products : cp900l_firmware cp900l
    • Published: May. 28, 2024
    • Modified: Apr. 03, 2025

  • 2.7

    LOW
    CVE-2022-4109

    The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (fo... Read more

    Affected Products : wholesale_market_for_woocommerce
    • EPSS Score: %0.15
    • Published: Jan. 02, 2023
    • Modified: Apr. 10, 2025

  • 2.7

    LOW
    CVE-2024-40864

    The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user's activity.... Read more

    Affected Products : macos
    • Published: Mar. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2025-24474

    An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2014-3608

    The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR... Read more

    Affected Products : nova
    • EPSS Score: %0.69
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2024-40455

    An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.... Read more

    Affected Products : thinksaas
    • Published: Jul. 16, 2024
    • Modified: Apr. 28, 2025

  • 2.7

    LOW
    CVE-2023-21882

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco... Read more

    Affected Products : mysql mysql_server
    • EPSS Score: %0.06
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-21432

    Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role ... Read more

    Affected Products : database text
    • EPSS Score: %0.08
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291400 Results