Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2024-0453

    The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated atta... Read more

    Affected Products : ai_chatbot wpbot
    • Published: May. 22, 2024
    • Modified: May. 12, 2025

  • 7.7

    HIGH
    CVE-2024-0452

    The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated atta... Read more

    Affected Products : ai_chatbot wpbot
    • Published: May. 22, 2024
    • Modified: May. 12, 2025

  • 5.0

    MEDIUM
    CVE-2024-0451

    The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, w... Read more

    Affected Products : ai_chatbot wpbot
    • Published: May. 22, 2024
    • Modified: May. 12, 2025

  • 8.8

    HIGH
    CVE-2023-49330

    Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 20, 2024
    • Modified: May. 12, 2025

  • 2.7

    LOW
    CVE-2024-4198

    Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests. ... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 2.7

    LOW
    CVE-2024-4195

    Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests. ... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 6.5

    MEDIUM
    CVE-2024-4183

    Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after ... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-4182

    Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom status. ... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-32046

    Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full p... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 6.5

    MEDIUM
    CVE-2024-22091

    Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via send... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-1888

    Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in anoth... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 29, 2024
    • Modified: May. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-23488

    Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 29, 2024
    • Modified: May. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-1887

    Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.  ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 29, 2024
    • Modified: May. 12, 2025

  • 8.8

    HIGH
    CVE-2024-25723

    ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password ... Read more

    Affected Products : zenml
    • Published: Feb. 27, 2024
    • Modified: May. 12, 2025

  • 9.9

    CRITICAL
    CVE-2024-2083

    A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypas... Read more

    Affected Products : zenml
    • Published: Apr. 16, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2024-27507

    libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.... Read more

    Affected Products : fedora liblas
    • Published: Feb. 27, 2024
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2024-26455

    fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.... Read more

    Affected Products : fluent_bit
    • Published: Feb. 26, 2024
    • Modified: May. 12, 2025

  • 8.8

    HIGH
    CVE-2021-38388

    Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.... Read more

    Affected Products : central_dogma
    • EPSS Score: %0.30
    • Published: Sep. 08, 2021
    • Modified: May. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-12768

    The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored ... Read more

    Affected Products : responsive_iframe
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.6

    MEDIUM
    CVE-2024-13096

    The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : wp_finance
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291728 Results