Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2023-28440

    Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared host... Read more

    Affected Products : discourse
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-34110

    Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this... Read more

    Affected Products : flask-appbuilder flask_app_builder
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-49549

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to b... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 25, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2022-34452

    PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. ... Read more

    Affected Products : powerpath_management_appliance
    • Published: Feb. 10, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-50955

    IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.... Read more

    Affected Products : infosphere_information_server
    • Published: Feb. 21, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2023-37833

    Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.... Read more

    Affected Products : etg150_firmware etg150
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-27266

    Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-39353

    Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jul. 03, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-28214

    nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 2.7

    LOW
    CVE-2025-26698

    Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.... Read more

    Affected Products : revoworks_browser
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2023-32684

    Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the ... Read more

    Affected Products : lima
    • Published: May. 30, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-41962

    BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other ... Read more

    Affected Products : bigbluebutton
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-2400

    Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access. ... Read more

    Affected Products : devolutions_server
    • Published: Jun. 20, 2023
    • Modified: Dec. 09, 2024

  • 2.7

    LOW
    CVE-2025-22212

    A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend.... Read more

    Affected Products : convert_forms
    • Published: Mar. 05, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2025-48059

    PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polyno... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 2.7

    LOW
    CVE-2023-45809

    Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rul... Read more

    Affected Products : wagtail wagtail
    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2013-4236

    VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE... Read more

    Affected Products : enterprise_virtualization
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2013-0167

    VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."... Read more

    Affected Products : enterprise_virtualization
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2013-4678

    The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors.... Read more

    Affected Products : backup_exec
    • Published: Aug. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2012-2625

    The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.... Read more

    Affected Products : xen xen-unstable
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293527 Results