Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2025-30877

    Missing Authorization vulnerability in fatcatapps Quiz Cat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz Cat: from n/a through 3.0.8.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-50104

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access ... Read more

    Affected Products : mysql mysql_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service

  • 2.7

    LOW
    CVE-2025-30258

    In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "ve... Read more

    Affected Products : gnupg
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Denial of Service

  • 2.7

    LOW
    CVE-2024-20905

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with ... Read more

    Affected Products : jd_edwards_enterpriseone_tools
    • Published: Feb. 17, 2024
    • Modified: Mar. 27, 2025

  • 2.7

    LOW
    CVE-2024-44114

    SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024

  • 2.7

    LOW
    CVE-2025-2570

    Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via S... Read more

    Affected Products : mattermost_server
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-31450

    Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete cust... Read more

    Affected Products : owncast
    • Published: Apr. 19, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-42333

    The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 2.7

    LOW
    CVE-2025-50098

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more

    Affected Products : mysql mysql_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service

  • 2.7

    LOW
    CVE-2024-23600

    Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-29947

    There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality. ... Read more

    Affected Products :
    • Published: Apr. 02, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-27597

    A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, Qu... Read more

    • Published: Mar. 29, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-2459

    An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Gro... Read more

    Affected Products : gitlab
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-40864

    The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user's activity.... Read more

    Affected Products : macos
    • Published: Mar. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2024-40884

    Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Oct. 17, 2024

  • 2.7

    LOW
    CVE-2024-29852

    Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: May. 22, 2024
    • Modified: Jul. 03, 2025

  • 2.7

    LOW
    CVE-2021-22133

    The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the ... Read more

    Affected Products : apm_agent
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-27598

    A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, Qu... Read more

    • Published: Mar. 29, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2014-4021

    Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : xen
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2025-27192

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vul... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Apr. 08, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authentication
Showing 20 of 293505 Results