Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2025-6168

    An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-48370

    auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead... Read more

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Path Traversal

  • 2.7

    LOW
    CVE-2025-4972

    An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-2988

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.... Read more

    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2024-5967

    A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL  independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm)... Read more

    Affected Products : keycloak keycloak build_of_keycloak
    • Published: Jun. 18, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2013-0167

    VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."... Read more

    Affected Products : enterprise_virtualization
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2025-27192

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vul... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Apr. 08, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-50066

    Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Execute on... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-50104

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access ... Read more

    Affected Products : mysql mysql_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service

  • 2.7

    LOW
    CVE-2025-30877

    Missing Authorization vulnerability in fatcatapps Quiz Cat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz Cat: from n/a through 3.0.8.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2019-2872

    Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale). Supported versions that are affected are 17.0.3, 18.0.1 and 19.0.0. Difficult to exploit vulnerability allows physical access to c... Read more

    Affected Products : retail_xstore_point_of_service
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2019-3729

    RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this ... Read more

    Affected Products : bsafe_micro-edition-suite rsa_bsafe
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-4563

    A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim status... Read more

    Affected Products : kubernetes
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-45134

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on c... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024

  • 2.7

    LOW
    CVE-2023-29293

    Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vuln... Read more

    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-27410

    A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup password longer than 255 characters. This ... Read more

    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-40455

    An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.... Read more

    Affected Products : thinksaas
    • Published: Jul. 16, 2024
    • Modified: Apr. 28, 2025

  • 2.7

    LOW
    CVE-2024-23760

    Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.... Read more

    Affected Products : gambio
    • Published: Feb. 12, 2024
    • Modified: Mar. 28, 2025

  • 2.7

    LOW
    CVE-2023-32114

    SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server una... Read more

    Affected Products : netweaver
    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-49843

    conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions e... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293613 Results