Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.8

    LOW
    CVE-2024-0080

    NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service. ... Read more

    Affected Products :
    • Published: Apr. 05, 2024
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2024-53921

    An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.... Read more

    Affected Products : windows magician
    • Published: Dec. 03, 2024
    • Modified: Jun. 03, 2025

  • 2.7

    LOW
    CVE-2023-50955

    IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.... Read more

    Affected Products : infosphere_information_server
    • Published: Feb. 21, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2022-34452

    PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. ... Read more

    Affected Products : powerpath_management_appliance
    • Published: Feb. 10, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-27266

    Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-47293

    PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) atta... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: XML External Entity

  • 2.7

    LOW
    CVE-2025-55193

    Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI seque... Read more

    Affected Products : rails
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2025-58866

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info allows Retrieve Embedded Sensitive Data. This issue affects Site Info: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2024-20905

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with ... Read more

    Affected Products : jd_edwards_enterpriseone_tools
    • Published: Feb. 17, 2024
    • Modified: Mar. 27, 2025

  • 2.7

    LOW
    CVE-2023-5775

    The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possi... Read more

    Affected Products : backwpup
    • Published: Feb. 26, 2024
    • Modified: Feb. 05, 2025

  • 2.7

    LOW
    CVE-2024-20912

    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle ... Read more

    Affected Products : audit_vault_and_database_firewall
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 2.7

    LOW
    CVE-2024-47577

    Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in ... Read more

    Affected Products : commerce_cloud
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2025-52484

    RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction (including remu and divu) in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnera... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2025-30368

    Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefor... Read more

    Affected Products : zulip zulip_server
    • Published: Mar. 31, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-52926

    In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface.... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025

  • 2.7

    LOW
    CVE-2025-54873

    RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2025-27686

    Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with re... Read more

    Affected Products : unisphere_for_powermax
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2024-4195

    Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests. ... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 2.7

    LOW
    CVE-2023-28440

    Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared host... Read more

    Affected Products : discourse
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-26698

    Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.... Read more

    Affected Products : revoworks_browser
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 294522 Results