Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2024-41156

    Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users wit... Read more

    • Published: Oct. 29, 2024
    • Modified: Dec. 05, 2024

  • 2.7

    LOW
    CVE-2024-30808

    An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.... Read more

    Affected Products : bento4
    • Published: Apr. 02, 2024
    • Modified: May. 27, 2025

  • 2.7

    LOW
    CVE-2024-28214

    nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 2.7

    LOW
    CVE-2024-52905

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.... Read more

    • Published: Mar. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2025-54234

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary re... Read more

    Affected Products : coldfusion
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Server-Side Request Forgery

  • 2.7

    LOW
    CVE-2025-48491

    Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2022-40199

    Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure informati... Read more

    Affected Products : ec-cube
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 2.7

    LOW
    CVE-2022-2556

    The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it c... Read more

    Affected Products : mailchimp_for_woocommerce
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-31177

    Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by us... Read more

    • Published: Aug. 01, 2022
    • Modified: Mar. 07, 2025

  • 2.7

    LOW
    CVE-2022-36168

    A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:... Read more

    Affected Products : wuzhicms
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-31120

    Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force ... Read more

    Affected Products : nextcloud_server notes
    • Published: Aug. 04, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-46748

    An authenticated user attempting to change their password could do so without using the current password.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2014-3608

    The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR... Read more

    Affected Products : nova
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2025-52968

    xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-lin... Read more

    Affected Products : xdg-utils
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 2.7

    LOW
    CVE-2023-27410

    A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup password longer than 255 characters. This ... Read more

    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-23549

    Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.... Read more

    Affected Products : checkmk checkmk
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-32756

    IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ... Read more

    Affected Products : security_verify_directory
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-4198

    Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests. ... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 2.7

    LOW
    CVE-2024-20912

    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle ... Read more

    Affected Products : audit_vault_and_database_firewall
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 2.7

    LOW
    CVE-2024-31040

    Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.... Read more

    Affected Products : nanomq
    • Published: Apr. 17, 2024
    • Modified: Jun. 10, 2025
Showing 20 of 293288 Results