Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2025-2570

    Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via S... Read more

    Affected Products : mattermost_server
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-7296

    An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowe... Read more

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-2880

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group... Read more

    Affected Products : gitlab
    • Published: Jul. 11, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2012-2696

    The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.... Read more

    Affected Products : enterprise_virtualization_manager
    • EPSS Score: %0.14
    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2014-4021

    Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : xen
    • EPSS Score: %0.23
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2024-35403

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules... Read more

    Affected Products : cp900l_firmware cp900l
    • Published: May. 28, 2024
    • Modified: Apr. 03, 2025

  • 2.7

    LOW
    CVE-2022-4109

    The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (fo... Read more

    Affected Products : wholesale_market_for_woocommerce
    • EPSS Score: %0.15
    • Published: Jan. 02, 2023
    • Modified: Apr. 10, 2025

  • 2.7

    LOW
    CVE-2019-0307

    Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker wi... Read more

    Affected Products : solution_manager
    • EPSS Score: %6.14
    • Published: Jun. 12, 2019
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2019-2872

    Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale). Supported versions that are affected are 17.0.3, 18.0.1 and 19.0.0. Difficult to exploit vulnerability allows physical access to c... Read more

    Affected Products : retail_xstore_point_of_service
    • EPSS Score: %0.15
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-51671

    Missing Authorization vulnerability in ThemeIsle Otter - Gutenberg Block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through 3.0.3.... Read more

    Affected Products : otter_blocks
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 2.7

    LOW
    CVE-2024-55655

    sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verifi... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2024-47266

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with admi... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Path Traversal

  • 2.7

    LOW
    CVE-2013-5875

    Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC).... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.10
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2014-3608

    The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR... Read more

    Affected Products : nova
    • EPSS Score: %0.69
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2024-32969

    vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new us... Read more

    Affected Products : vantage6
    • Published: May. 23, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-32466

    Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even when API key was missing `translation.view` scope. However, it was impossible to ... Read more

    Affected Products : tolgee
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-3034

    The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and abov... Read more

    Affected Products : backupwordpress
    • Published: Apr. 27, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-46498

    Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php.... Read more

    • Published: Mar. 07, 2024
    • Modified: Mar. 28, 2025

  • 2.7

    LOW
    CVE-2023-48429

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted reque... Read more

    Affected Products : sinec_ins
    • EPSS Score: %0.12
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-31040

    Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.... Read more

    Affected Products : nanomq
    • Published: Apr. 17, 2024
    • Modified: Jun. 10, 2025
Showing 20 of 291551 Results