Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.6

    HIGH
    CVE-2024-20499

    Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ...

    • Published: Oct. 02, 2024
    • Modified: Jun. 04, 2025
  • 8.6

    HIGH
    CVE-2024-20498

    Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ...

    • Published: Oct. 02, 2024
    • Modified: Jun. 04, 2025
  • 4.7

    MEDIUM
    CVE-2022-23089

    When dumping core and saving process information, proc_getargv() might return an sbuf which has an sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when a user constructs a specially crafted ps_string, which in turn can...

    Affected Products : freebsd
    • Published: Feb. 15, 2024
    • Modified: Jun. 04, 2025
  • 6.1

    MEDIUM
    CVE-2024-21728

    An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla fronted integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability all...

    Affected Products : osticky
    • Published: Feb. 15, 2024
    • Modified: Jun. 04, 2025
  • 6.1

    MEDIUM
    CVE-2024-27184

    Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not. ...

    Affected Products : joomla!
    • Published: Aug. 20, 2024
    • Modified: Jun. 04, 2025
  • 9.1

    CRITICAL
    CVE-2024-27185

    The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. ...

    Affected Products : joomla!
    • Published: Aug. 20, 2024
    • Modified: Jun. 04, 2025
  • 6.1

    MEDIUM
    CVE-2024-27186

    The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions. ...

    Affected Products : joomla!
    • Published: Aug. 20, 2024
    • Modified: Jun. 04, 2025
  • 7.5

    HIGH
    CVE-2024-27187

    Improper Access Controls allow backend users to overwrite their username when disallowed. ...

    Affected Products : joomla!
    • Published: Aug. 20, 2024
    • Modified: Jun. 04, 2025
  • 6.1

    MEDIUM
    CVE-2024-40743

    The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors. ...

    Affected Products : joomla!
    • Published: Aug. 20, 2024
    • Modified: Jun. 04, 2025
  • 9.8

    CRITICAL
    CVE-2024-40744

    Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. ...

    Affected Products : convert_forms
    • Published: Dec. 04, 2024
    • Modified: Jun. 04, 2025
  • 5.4

    MEDIUM
    CVE-2024-40745

    Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. ...

    Affected Products : convert_forms
    • Published: Dec. 04, 2024
    • Modified: Jun. 04, 2025
  • 6.1

    MEDIUM
    CVE-2024-40747

    Various module chromes didn't properly process inputs, leading to XSS vectors. ...

    Affected Products : joomla!
    • Published: Jan. 07, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-40748

    Lack of output escaping in the id attribute of menu lists. ...

    Affected Products : joomla!
    • Published: Jan. 07, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-40749

    Improper Access Controls allow access to protected views. ...

    Affected Products : joomla!
    • Published: Jan. 07, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-22204

    Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 leads to a remote code execution vulnerability. ...

    Affected Products : sourcerer
    • Published: Feb. 04, 2025
    • Modified: Jun. 04, 2025
  • 7.5

    HIGH
    CVE-2025-22205

    Improper handling of input variables leads to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x. ...

    Affected Products : admiror_gallery
    • Published: Feb. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Path Traversal
  • 4.7

    MEDIUM
    CVE-2025-22206

    A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature. ...

    Affected Products : js_jobs
    • Published: Feb. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection
  • 4.7

    MEDIUM
    CVE-2025-22208

    A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature. ...

    Affected Products : js_jobs
    • Published: Feb. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection
  • 4.7

    MEDIUM
    CVE-2025-22209

    A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature. ...

    Affected Products : js_jobs
    • Published: Feb. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-22210

    A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend. ...

    Affected Products : hikashop
    • Published: Feb. 25, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection
Showing 20 of 293499 Results