Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2022-34452

    PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. ... Read more

    Affected Products : powerpath_management_appliance
    • Published: Feb. 10, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-41962

    BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other ... Read more

    Affected Products : bigbluebutton
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-2117

    The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.... Read more

    Affected Products : image_optimizer
    • Published: May. 30, 2023
    • Modified: Jan. 10, 2025

  • 2.7

    LOW
    CVE-2024-20912

    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle ... Read more

    Affected Products : audit_vault_and_database_firewall
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 2.7

    LOW
    CVE-2023-32114

    SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server una... Read more

    Affected Products : netweaver
    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-3587

    Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-27265

    Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-28830

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.... Read more

    Affected Products : checkmk checkmk
    • Published: Jun. 26, 2024
    • Modified: Dec. 04, 2024

  • 2.7

    LOW
    CVE-2024-32969

    vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new us... Read more

    Affected Products : vantage6
    • Published: May. 23, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-3034

    The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and abov... Read more

    Affected Products : backupwordpress
    • Published: Apr. 27, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-32882

    Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the `wagtail.contrib.settings` module or `ModelViewSet`, and the `permission` argument on `FieldPanel` has bee... Read more

    Affected Products : wagtail wagtail
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-31450

    Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete cust... Read more

    Affected Products : owncast
    • Published: Apr. 19, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-42179

    HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 12, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2025-31003

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through 1.6.... Read more

    Affected Products : squeeze
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2025-30681

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network... Read more

    Affected Products : mysql_server mysql_cluster
    • Published: Apr. 15, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Denial of Service

  • 2.7

    LOW
    CVE-2025-27686

    Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with re... Read more

    Affected Products : unisphere_for_powermax
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2010-3699

    The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm command... Read more

    Affected Products : xen
    • Published: Dec. 08, 2010
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2014-0624

    EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.... Read more

    Affected Products : rsa_data_loss_prevention
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.7

    LOW
    CVE-2024-38823

    Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2024-37253

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.This issue affects WP Directory Kit: from n/a through 1.3.6.... Read more

    Affected Products : wp_directory_kit
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293674 Results