Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2023-2117

    The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.... Read more

    Affected Products : image_optimizer
    • Published: May. 30, 2023
    • Modified: Jan. 10, 2025

  • 2.7

    LOW
    CVE-2023-1084

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner le... Read more

    Affected Products : gitlab
    • Published: Mar. 09, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-55593

    A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries... Read more

    Affected Products : fortiweb
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2024-30808

    An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.... Read more

    Affected Products : bento4
    • Published: Apr. 02, 2024
    • Modified: May. 27, 2025

  • 2.7

    LOW
    CVE-2024-4195

    Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests. ... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 2.7

    LOW
    CVE-2024-38823

    Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2014-4022

    The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive info... Read more

    Affected Products : xen
    • Published: Jul. 09, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2022-34452

    PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. ... Read more

    Affected Products : powerpath_management_appliance
    • Published: Feb. 10, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-27266

    Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-37833

    Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.... Read more

    Affected Products : etg150_firmware etg150
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-39353

    Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jul. 03, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-26698

    Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.... Read more

    Affected Products : revoworks_browser
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2024-10102

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : robo_gallery robo_gallery
    • Published: Jan. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2023-34110

    Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this... Read more

    Affected Products : flask-appbuilder flask_app_builder
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-28440

    Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared host... Read more

    Affected Products : discourse
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-10492

    A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 2.7

    LOW
    CVE-2024-3073

    The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when v... Read more

    Affected Products : easy_wp_smtp
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-7038

    An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides diff... Read more

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Nov. 03, 2024

  • 2.7

    LOW
    CVE-2023-32684

    Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the ... Read more

    Affected Products : lima
    • Published: May. 30, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-32756

    IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ... Read more

    Affected Products : security_verify_directory
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293437 Results