Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-23375

    Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges....

    Affected Products : powerprotect_data_manager
    • Published: Apr. 28, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization
  • 4.4

    MEDIUM
    CVE-2025-23376

    Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulner...

    Affected Products : powerprotect_data_manager
    • Published: Apr. 28, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Information Disclosure
  • 4.2

    MEDIUM
    CVE-2025-23377

    Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script...

    Affected Products : powerprotect_data_manager
    • Published: Apr. 28, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-39721

    An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinit...

    Affected Products : ollama
    • Published: Oct. 31, 2024
    • Modified: May. 13, 2025
  • 5.6

    MEDIUM
    CVE-2024-56827

    A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior....

    Affected Products : enterprise_linux openjpeg
    • Published: Jan. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption
  • 5.6

    MEDIUM
    CVE-2024-56826

    A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior....

    Affected Products : enterprise_linux openjpeg
    • Published: Jan. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption
  • 9.2

    CRITICAL
    CVE-2024-44087

    A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validat...

    Affected Products : automation_license_manager
    • Published: Sep. 10, 2024
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2021-31895

    A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200...

    • EPSS Score: 2.33%
    • Published: Jul. 13, 2021
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2024-1394

    A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The obj...

    • Published: Mar. 21, 2024
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2025-32152

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugins by WP OnlineSupport Slider a SlidersPack allows PHP Local File Inclusion. This issue affects Slider a SlidersPack: ...

    • Published: Apr. 04, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-31789

    Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TextMe SMS: from n/a through 1.9.1....

    • Published: Apr. 03, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2024-8404

    An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF ...

    Affected Products : papercut_ng papercut_mf
    • Published: Sep. 26, 2024
    • Modified: May. 13, 2025
  • 6.5

    MEDIUM
    CVE-2023-51401

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35...

    • Published: May. 17, 2024
    • Modified: May. 13, 2025
  • 4.8

    MEDIUM
    CVE-2024-34241

    A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications....

    Affected Products : rocket_lms
    • Published: May. 17, 2024
    • Modified: May. 13, 2025
  • 4.6

    MEDIUM
    CVE-2024-2218

    The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

    Affected Products : luckywp_table_of_contents
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025
  • 5.4

    MEDIUM
    CVE-2024-3965

    The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products : pray_for_me
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025
  • 4.6

    MEDIUM
    CVE-2024-3993

    The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

    Affected Products : azan
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025
  • 4.6

    MEDIUM
    CVE-2024-4271

    The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to upload an SVG with malicious JavaScript to conduct Stored XSS attacks....

    Affected Products : svgator
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2024-4480

    The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products : wp_prayer prayer
    • Published: Jun. 14, 2024
    • Modified: May. 13, 2025
  • 5.4

    MEDIUM
    CVE-2024-3236

    The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks....

    Affected Products : popup_builder popup_builder
    • Published: Jun. 17, 2024
    • Modified: May. 13, 2025
Showing 20 of 291741 Results