Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2024-40884

    Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Oct. 17, 2024

  • 2.7

    LOW
    CVE-2021-0991

    In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. ... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-40864

    The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user's activity.... Read more

    Affected Products : macos
    • Published: Mar. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2022-32756

    IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ... Read more

    Affected Products : security_verify_directory
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-32114

    SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server una... Read more

    Affected Products : netweaver
    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-4216

    The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal ... Read more

    Affected Products : orders_tracking_for_woocommerce
    • Published: Sep. 04, 2023
    • Modified: Apr. 23, 2025

  • 2.7

    LOW
    CVE-2023-3587

    Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2006-6607

    The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing th... Read more

    Affected Products : tivoli_identity_manager
    • Published: Dec. 18, 2006
    • Modified: Apr. 09, 2025

  • 2.7

    LOW
    CVE-2023-48429

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted reque... Read more

    Affected Products : sinec_ins
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-48430

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted req... Read more

    Affected Products : sinec_ins
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-27192

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vul... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Apr. 08, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2024-48455

    An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router ... Read more

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2013-5875

    Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC).... Read more

    Affected Products : solaris sunos
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2023-23549

    Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.... Read more

    Affected Products : checkmk checkmk
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-47266

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with admi... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Path Traversal

  • 2.7

    LOW
    CVE-2025-30369

    Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the ... Read more

    Affected Products : zulip zulip_server
    • Published: Mar. 31, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-55655

    sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verifi... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2025-24866

    Mattermost versions 9.11.x <= 9.11.8  fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs.... Read more

    Affected Products : mattermost_server
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2023-49652

    Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credent... Read more

    Affected Products : google_compute_engine
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-45134

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on c... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024
Showing 20 of 293611 Results