Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2024-39001

    ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products : ag-grid ag_charts
    • Published: Jul. 01, 2024
    • Modified: May. 01, 2025

  • 6.4

    MEDIUM
    CVE-2024-4532

    The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks... Read more

    Affected Products : business_card
    • Published: May. 27, 2024
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2024-37032

    Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ subst... Read more

    Affected Products : ollama
    • Published: May. 31, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2024-36843

    libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.... Read more

    Affected Products : libmodbus
    • Published: May. 31, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2024-36844

    libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.... Read more

    Affected Products : libmodbus
    • Published: May. 31, 2024
    • Modified: May. 01, 2025

  • 4.3

    MEDIUM
    CVE-2024-36845

    An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.... Read more

    Affected Products : libmodbus
    • Published: May. 31, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2020-8887

    Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).... Read more

    Affected Products : sentry medius sentry
    • EPSS Score: %0.57
    • Published: Sep. 22, 2020
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2025-24358

    gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for ... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2025-27516

    Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulne... Read more

    Affected Products : jinja
    • Published: Mar. 05, 2025
    • Modified: May. 01, 2025

  • 4.7

    MEDIUM
    CVE-2022-46091

    Cross Site Scripting (XSS) vulnerability in the feedback form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter.... Read more

    • Published: Mar. 07, 2024
    • Modified: May. 01, 2025

  • 8.4

    HIGH
    CVE-2023-33676

    Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution.... Read more

    Affected Products : lost_and_found_information_system
    • Published: Mar. 07, 2024
    • Modified: May. 01, 2025

  • 6.5

    MEDIUM
    CVE-2024-28753

    RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request.... Read more

    Affected Products : raspap
    • Published: Mar. 09, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2024-28754

    RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request.... Read more

    Affected Products : raspap
    • Published: Mar. 09, 2024
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2023-6444

    The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.... Read more

    Affected Products : seriously_simple_podcasting
    • Published: Mar. 11, 2024
    • Modified: May. 01, 2025

  • 4.9

    MEDIUM
    CVE-2023-7247

    The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site.... Read more

    • Published: Mar. 11, 2024
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2024-0561

    The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ... Read more

    • Published: Mar. 11, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-1068

    The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.... Read more

    Affected Products : 404_solution
    • Published: Mar. 11, 2024
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2024-1273

    The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks... Read more

    Affected Products : starbox
    • Published: Mar. 11, 2024
    • Modified: May. 01, 2025

  • 5.9

    MEDIUM
    CVE-2024-25650

    Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /exe... Read more

    Affected Products : secret_server distributed_engine
    • Published: Mar. 14, 2024
    • Modified: May. 01, 2025

  • 6.7

    MEDIUM
    CVE-2024-25649

    In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is ena... Read more

    Affected Products : secret_server
    • Published: Mar. 14, 2024
    • Modified: Apr. 30, 2025
Showing 20 of 291021 Results