Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2024-22123

    Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log... Read more

    Affected Products : zabbix
    • Published: Aug. 12, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2024-23600

    Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-21963

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with net... Read more

    Affected Products : mysql mysql_server
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2014-3493

    The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without... Read more

    Affected Products : samba
    • Published: Jun. 23, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2023-4089

    On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.... Read more

    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-30703

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more

    Affected Products : mysql_server
    • Published: Apr. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-38822

    Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-0760

    A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption.... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2013-4236

    VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE... Read more

    Affected Products : enterprise_virtualization
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2025-2570

    Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via S... Read more

    Affected Products : mattermost_server
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-31450

    Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete cust... Read more

    Affected Products : owncast
    • Published: Apr. 19, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-44114

    SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024

  • 2.7

    LOW
    CVE-2024-45135

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security mea... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024

  • 2.7

    LOW
    CVE-2024-45133

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on c... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024

  • 2.7

    LOW
    CVE-2024-45149

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass sec... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Dec. 12, 2024

  • 2.7

    LOW
    CVE-2023-45809

    Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rul... Read more

    Affected Products : wagtail wagtail
    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2019-0307

    Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker wi... Read more

    Affected Products : solution_manager
    • Published: Jun. 12, 2019
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-48429

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted reque... Read more

    Affected Products : sinec_ins
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-48430

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted req... Read more

    Affected Products : sinec_ins
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-31120

    Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force ... Read more

    Affected Products : nextcloud_server notes
    • Published: Aug. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293425 Results