Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2025-49843

    conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions e... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2025-36576

    Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.... Read more

    Affected Products : wyse_management_suite
    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 2.7

    LOW
    CVE-2012-0091

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown vectors related to Upgrade Change Assistance.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2024-29947

    There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality. ... Read more

    Affected Products :
    • Published: Apr. 02, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2009-3406

    Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.2.1 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.7

    LOW
    CVE-2023-50785

    Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: Jan. 25, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-23600

    Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-29293

    Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vuln... Read more

    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-59047

    matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in m... Read more

    Affected Products : matrix-rust-sdk
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 2.7

    LOW
    CVE-2023-22038

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-3034

    The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and abov... Read more

    Affected Products : backupwordpress
    • Published: Apr. 27, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-40199

    Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure informati... Read more

    Affected Products : ec-cube
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 2.7

    LOW
    CVE-2022-39409

    Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with ... Read more

    Affected Products : transportation_management
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-32684

    Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the ... Read more

    Affected Products : lima
    • Published: May. 30, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-7038

    An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides diff... Read more

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Nov. 03, 2024

  • 2.7

    LOW
    CVE-2023-27265

    Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2014-4022

    The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive info... Read more

    Affected Products : xen
    • Published: Jul. 09, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2023-37361

    REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.... Read more

    Affected Products : redcap
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-26698

    Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.... Read more

    Affected Products : revoworks_browser
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2023-34110

    Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this... Read more

    Affected Products : flask-appbuilder flask_app_builder
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293559 Results