Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.0

    LOW
    CVE-2025-43489

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 2.0

    LOW
    CVE-2025-43488

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the ... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.0

    LOW
    CVE-2022-27049

    Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.... Read more

    Affected Products : raidrive
    • EPSS Score: %0.14
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024

  • 2.0

    LOW
    CVE-2024-53274

    Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacke... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 2.0

    LOW
    CVE-2025-40632

    Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.0

    LOW
    CVE-2025-0138

    Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not aff... Read more

    Affected Products : prisma_cloud_compute_edition
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 2.0

    LOW
    CVE-2024-1633

    During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from... Read more

    • Published: Feb. 19, 2024
    • Modified: Jan. 24, 2025

  • 2.0

    LOW
    CVE-2023-26591

    Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access.... Read more

    Affected Products : thunderbolt_dch_driver
    • EPSS Score: %0.10
    • Published: Feb. 14, 2024
    • Modified: Nov. 21, 2024

  • 2.0

    LOW
    CVE-2025-4655

    SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 G... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Server-Side Request Forgery

  • 2.0

    LOW
    CVE-2022-26328

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS).This issue affects Performance Center: 12.63.... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 2.0

    LOW
    CVE-2025-2864

    SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025

  • 2.0

    LOW
    CVE-2024-52286

    Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing an... Read more

    Affected Products : stirling_pdf
    • Published: Nov. 11, 2024
    • Modified: Jan. 09, 2025

  • 2.0

    LOW
    CVE-2024-49417

    Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : smart_touch_call
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 2.0

    LOW
    CVE-2025-47824

    Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cryptography

  • 2.0

    LOW
    CVE-2023-45706

    An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration. ... Read more

    Affected Products : bigfix_platform
    • Published: Mar. 28, 2024
    • Modified: Nov. 21, 2024

  • 2.0

    LOW
    CVE-2025-4599

    The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.0

    LOW
    CVE-2024-50406

    A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed ... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.0

    LOW
    CVE-2025-2922

    A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Information Disclosure

  • 2.0

    LOW
    CVE-2025-3639

    Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 2.0

    LOW
    CVE-2025-4762

    Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths an... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 291641 Results