Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2023-34110

    Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this... Read more

    Affected Products : flask-appbuilder flask_app_builder
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-10102

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : robo_gallery robo_gallery
    • Published: Jan. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2022-31120

    Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force ... Read more

    Affected Products : nextcloud_server notes
    • Published: Aug. 04, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-28808

    An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications.... Read more

    Affected Products : hit_7300_firmware hit_7300
    • Published: Sep. 30, 2024
    • Modified: May. 30, 2025

  • 2.7

    LOW
    CVE-2024-4198

    Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests. ... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 2.7

    LOW
    CVE-2023-3587

    Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-4216

    The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal ... Read more

    Affected Products : orders_tracking_for_woocommerce
    • Published: Sep. 04, 2023
    • Modified: Apr. 23, 2025

  • 2.7

    LOW
    CVE-2023-32114

    SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server una... Read more

    Affected Products : netweaver
    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-20912

    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle ... Read more

    Affected Products : audit_vault_and_database_firewall
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 2.7

    LOW
    CVE-2023-2117

    The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.... Read more

    Affected Products : image_optimizer
    • Published: May. 30, 2023
    • Modified: Jan. 10, 2025

  • 2.7

    LOW
    CVE-2013-5875

    Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC).... Read more

    Affected Products : solaris sunos
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2022-2841

    A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The manipulation leads to missing authorization. It is poss... Read more

    Affected Products : falcon
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-22038

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-35931

    Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the valida... Read more

    Affected Products : nextcloud_server notes password_policy
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-32969

    vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new us... Read more

    Affected Products : vantage6
    • Published: May. 23, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-30369

    Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the ... Read more

    Affected Products : zulip zulip_server
    • Published: Mar. 31, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-24866

    Mattermost versions 9.11.x <= 9.11.8  fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs.... Read more

    Affected Products : mattermost_server
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-30507

    Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7. ... Read more

    Affected Products :
    • Published: Mar. 29, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-32684

    Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the ... Read more

    Affected Products : lima
    • Published: May. 30, 2023
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2010-2414

    Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : sun_products_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293261 Results