Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2023-4216

    The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal ... Read more

    Affected Products : orders_tracking_for_woocommerce
    • EPSS Score: %0.10
    • Published: Sep. 04, 2023
    • Modified: Apr. 23, 2025

  • 2.7

    LOW
    CVE-2025-0760

    A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption.... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2024-2880

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group... Read more

    Affected Products : gitlab
    • Published: Jul. 11, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-3177

    A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the e... Read more

    Affected Products : kubernetes
    • Published: Apr. 22, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2010-3699

    The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm command... Read more

    Affected Products : xen
    • EPSS Score: %0.42
    • Published: Dec. 08, 2010
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2012-2696

    The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.... Read more

    Affected Products : enterprise_virtualization_manager
    • EPSS Score: %0.14
    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2025-30703

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more

    Affected Products : mysql_server
    • Published: Apr. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2023-2400

    Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access. ... Read more

    Affected Products : devolutions_server
    • EPSS Score: %0.10
    • Published: Jun. 20, 2023
    • Modified: Dec. 09, 2024

  • 2.7

    LOW
    CVE-2022-41962

    BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other ... Read more

    Affected Products : bigbluebutton
    • EPSS Score: %0.05
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-23760

    Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.... Read more

    Affected Products : gambio
    • EPSS Score: %0.06
    • Published: Feb. 12, 2024
    • Modified: Mar. 28, 2025

  • 2.7

    LOW
    CVE-2025-52968

    xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-lin... Read more

    Affected Products : xdg-utils
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 2.7

    LOW
    CVE-2025-24866

    Mattermost versions 9.11.x <= 9.11.8  fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs.... Read more

    Affected Products : mattermost_server
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-47266

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with admi... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Path Traversal

  • 2.7

    LOW
    CVE-2024-28830

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.... Read more

    Affected Products : checkmk checkmk
    • Published: Jun. 26, 2024
    • Modified: Dec. 04, 2024

  • 2.7

    LOW
    CVE-2023-28440

    Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared host... Read more

    Affected Products : discourse
    • EPSS Score: %0.12
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-23549

    Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.... Read more

    Affected Products : checkmk checkmk
    • EPSS Score: %0.05
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-37361

    REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.... Read more

    Affected Products : redcap
    • EPSS Score: %0.05
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-31120

    Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force ... Read more

    Affected Products : nextcloud_server notes
    • EPSS Score: %0.45
    • Published: Aug. 04, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-31177

    Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by us... Read more

    • EPSS Score: %0.36
    • Published: Aug. 01, 2022
    • Modified: Mar. 07, 2025

  • 2.7

    LOW
    CVE-2025-46748

    An authenticated user attempting to change their password could do so without using the current password.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication
Showing 20 of 291562 Results