Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.6

    MEDIUM
    CVE-2022-1959

    AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations....

    Affected Products : applock
    • EPSS Score: 0.02%
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-37131

    SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the applica...

    • Published: Jun. 13, 2024
    • Modified: May. 20, 2025
  • 8.0

    HIGH
    CVE-2024-24903

    Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contains a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access t...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 7.6

    HIGH
    CVE-2024-24904

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or ...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 7.6

    HIGH
    CVE-2024-24906

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of mal...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 7.3

    HIGH
    CVE-2024-24900

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contains an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. E...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 7.6

    HIGH
    CVE-2024-24905

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or ...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 7.6

    HIGH
    CVE-2024-24907

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage o...

    • Published: Mar. 01, 2024
    • Modified: May. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-5713

    The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

    • Published: Jul. 13, 2024
    • Modified: May. 20, 2025
  • 7.1

    HIGH
    CVE-2024-5715

    The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : wp_emember
    • Published: Jul. 13, 2024
    • Modified: May. 20, 2025
  • 5.9

    MEDIUM
    CVE-2024-6231

    The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : request_a_quote
    • Published: Jul. 23, 2024
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2023-4724

    The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacker to run arbitrary commands on the remote server...

    • EPSS Score: 0.23%
    • Published: Dec. 18, 2023
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41406

    An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file....

    Affected Products : church_management_system
    • EPSS Score: 0.11%
    • Published: Oct. 12, 2022
    • Modified: May. 20, 2025
  • 7.8

    HIGH
    CVE-2022-41191

    Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tessellation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be trig...

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: 2.07%
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025
  • 6.1

    MEDIUM
    CVE-2022-40931

    dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS)....

    Affected Products : transfer.sh
    • EPSS Score: 0.15%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 7.5

    HIGH
    CVE-2022-39168

    IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422....

    • EPSS Score: 0.07%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 7.5

    HIGH
    CVE-2022-38732

    SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented....

    Affected Products : snapcenter
    • EPSS Score: 0.17%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 5.4

    MEDIUM
    CVE-2019-1105

    A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker ...

    Affected Products : outlook
    • EPSS Score: 0.53%
    • Published: Jul. 29, 2019
    • Modified: May. 20, 2025
  • 6.5

    MEDIUM
    CVE-2019-1081

    An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the...

    • EPSS Score: 1.12%
    • Published: Jun. 12, 2019
    • Modified: May. 20, 2025
  • 7.6

    HIGH
    CVE-2019-1080

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current ...

    • EPSS Score: 3.99%
    • Published: Jun. 12, 2019
    • Modified: May. 20, 2025