Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2024-7598

    A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined... Read more

    Affected Products : kube-apiserver
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-6526

    A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-2424

    Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.... Read more

    Affected Products : mattermost_server
    • Published: Apr. 14, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2024-36452

    Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a... Read more

    Affected Products : webmin
    • Published: Jul. 10, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-36066

    The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for ... Read more

    Affected Products : ejbca
    • Published: Sep. 12, 2024
    • Modified: Mar. 25, 2025

  • 3.1

    LOW
    CVE-2022-36117

    An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access co... Read more

    Affected Products : blue_prism
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-49755

    Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP acce... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 3.1

    LOW
    CVE-2023-41093

    Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth ... Read more

    • Published: Jul. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-6996

    Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 06, 2024
    • Modified: Mar. 13, 2025

  • 3.1

    LOW
    CVE-2024-53701

    Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen ... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 3.1

    LOW
    CVE-2025-5031

    A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2023-3584

    Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override s... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-8042

    Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an emp... Read more

    Affected Products : insight_platform
    • Published: Sep. 09, 2024
    • Modified: Sep. 17, 2024

  • 3.1

    LOW
    CVE-2022-4923

    Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)... Read more

    Affected Products : chrome
    • Published: Jul. 29, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-34414

    The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locati... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 19, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-42194

    An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 3.1

    LOW
    CVE-2023-47634

    Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement. To e... Read more

    Affected Products : decidim
    • Published: Feb. 29, 2024
    • Modified: Feb. 14, 2025

  • 3.1

    LOW
    CVE-2025-48463

    Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tamp... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cryptography

  • 3.1

    LOW
    CVE-2023-38158

    Microsoft Edge (Chromium-based) Information Disclosure Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Aug. 21, 2023
    • Modified: Feb. 28, 2025

  • 3.1

    LOW
    CVE-2016-7227

    The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • Published: Nov. 10, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293329 Results