Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-48366

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This al... Read more

    Affected Products : group_office group-office
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-48368

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary J... Read more

    Affected Products : group_office group-office
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-48369

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to exec... Read more

    Affected Products : group_office group-office
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-40458

    An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-40459

    An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-40460

    An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-40461

    An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-40462

    An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-41195

    An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-41196

    An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-41197

    An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-41198

    An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2024-41199

    An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.... Read more

    Affected Products : innovation
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2021-29505

    XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. ... Read more

    • Published: May. 28, 2021
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2021-21265

    October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS in... Read more

    Affected Products : october
    • Published: Mar. 10, 2021
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-47497

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepoints Logo Showcase allows DOM-Based XSS. This issue affects Logo Showcase: from n/a through 3.0.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2020-15187

    In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causin... Read more

    Affected Products : helm
    • Published: Sep. 17, 2020
    • Modified: May. 29, 2025

  • 5.1

    MEDIUM
    CVE-2025-30224

    MyDumper is a MySQL Logical Backup Tool. The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information ... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-39349

    Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object Injection.This issue affects CiyaShop: from n/a through 4.18.0.... Read more

    Affected Products : ciyashop
    • Published: May. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-39348

    Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows Object Injection.This issue affects Grand Restaurant WordPress: from n/a through 7.0.... Read more

    Affected Products : grand_restaurant
    • Published: May. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection
Showing 20 of 292795 Results