Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2024-35403

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules... Read more

    Affected Products : cp900l_firmware cp900l
    • Published: May. 28, 2024
    • Modified: Apr. 03, 2025

  • 2.7

    LOW
    CVE-2022-4109

    The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (fo... Read more

    Affected Products : wholesale_market_for_woocommerce
    • Published: Jan. 02, 2023
    • Modified: Apr. 10, 2025

  • 2.7

    LOW
    CVE-2024-38823

    Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2024-36464

    When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 2.7

    LOW
    CVE-2024-41728

    Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise ... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024

  • 2.7

    LOW
    CVE-2024-4214

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Bill Minozzi Car Dealer allows Code Injection.This issue affects Car Dealer: from n/a through 4.15.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-49549

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to b... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 25, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2023-48303

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details... Read more

    Affected Products : nextcloud_server notes
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-30808

    An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.... Read more

    Affected Products : bento4
    • Published: Apr. 02, 2024
    • Modified: May. 27, 2025

  • 2.7

    LOW
    CVE-2024-29733

    Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl... Read more

    Affected Products : apache-airflow-providers-ftp
    • Published: Apr. 21, 2024
    • Modified: Jul. 10, 2025

  • 2.7

    LOW
    CVE-2024-45149

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass sec... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Dec. 12, 2024

  • 2.7

    LOW
    CVE-2024-45133

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on c... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024

  • 2.7

    LOW
    CVE-2024-45135

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security mea... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024

  • 2.7

    LOW
    CVE-2024-10492

    A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 2.7

    LOW
    CVE-2025-48491

    Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2024-3073

    The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when v... Read more

    Affected Products : easy_wp_smtp
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-47293

    PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) atta... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: XML External Entity

  • 2.7

    LOW
    CVE-2025-55193

    Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI seque... Read more

    Affected Products : rails
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2024-7296

    An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowe... Read more

    Affected Products : gitlab
    • Published: Mar. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2022-3710

    A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.... Read more

    • Published: Dec. 01, 2022
    • Modified: Apr. 23, 2025
Showing 20 of 293609 Results