Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2024-47577

    Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in ... Read more

    Affected Products : commerce_cloud
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2025-32205

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.30.... Read more

    Affected Products : piotnet_forms
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 2.7

    LOW
    CVE-2023-32684

    Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the ... Read more

    Affected Products : lima
    • Published: May. 30, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-7038

    An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides diff... Read more

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Nov. 03, 2024

  • 2.7

    LOW
    CVE-2023-4216

    The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal ... Read more

    Affected Products : orders_tracking_for_woocommerce
    • Published: Sep. 04, 2023
    • Modified: Apr. 23, 2025

  • 2.7

    LOW
    CVE-2023-32114

    SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server una... Read more

    Affected Products : netweaver
    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-50955

    IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.... Read more

    Affected Products : infosphere_information_server
    • Published: Feb. 21, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2023-27266

    Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-5775

    The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possi... Read more

    Affected Products : backwpup
    • Published: Feb. 26, 2024
    • Modified: Feb. 05, 2025

  • 2.7

    LOW
    CVE-2023-27410

    A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup password longer than 255 characters. This ... Read more

    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2009-3406

    Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.2.1 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.7

    LOW
    CVE-2025-2988

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.... Read more

    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2024-40455

    An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.... Read more

    Affected Products : thinksaas
    • Published: Jul. 16, 2024
    • Modified: Apr. 28, 2025

  • 2.7

    LOW
    CVE-2025-22212

    A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend.... Read more

    Affected Products : convert_forms
    • Published: Mar. 05, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2024-45134

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on c... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024

  • 2.7

    LOW
    CVE-2025-4563

    A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim status... Read more

    Affected Products : kubernetes
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2019-3729

    RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this ... Read more

    Affected Products : bsafe_micro-edition-suite rsa_bsafe
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-49652

    Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credent... Read more

    Affected Products : google_compute_engine
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-6793

    An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.... Read more

    Affected Products : pan-os prisma_access
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-4089

    On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.... Read more

    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293696 Results