Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-13269

    Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing. This issue affects Advanced Varnish: from 0.0.0 before 4.0.11....

    Affected Products : advanced_varnish
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2024-13270

    Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing. This issue affects Freelinking: from 0.0.0 before 4.0.1....

    Affected Products : freelinking
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2024-13271

    Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing. This issue affects Content Entity Clone: from 0.0.0 before 1.0.4....

    Affected Products : content_entity_clone
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 6.3

    MEDIUM
    CVE-2024-13272

    Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing. This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2....

    Affected Products : paragraphs_table
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 6.3

    MEDIUM
    CVE-2025-9005

    A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an atta...

    Affected Products : mblog
    • Published: Aug. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2022-38129

    A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host....

    Affected Products : sensor_management_server
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025
  • 7.5

    HIGH
    CVE-2022-36923

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain...

    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025
  • 4.7

    MEDIUM
    CVE-2022-34704

    Windows Defender Credential Guard Information Disclosure Vulnerability...

    • Published: Aug. 09, 2022
    • Modified: Aug. 27, 2025
  • 4.3

    MEDIUM
    CVE-2022-31674

    VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure....

    Affected Products : vrealize_operations
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025
  • 7.2

    HIGH
    CVE-2022-31672

    VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root....

    Affected Products : vrealize_operations
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-2457

    A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts....

    Affected Products : process_automation_manager
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025
  • 6.5

    MEDIUM
    CVE-2022-2355

    The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged-in admin change any user's username, including the admin...

    Affected Products : easy_username_updater
    • Published: Aug. 08, 2022
    • Modified: Aug. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-20361

    In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User inter...

    Affected Products : android
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025
  • 5.0

    MEDIUM
    CVE-1999-0159

    Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases....

    Affected Products : ios
    • Published: Aug. 12, 1998
    • Modified: Aug. 27, 2025
  • 5.3

    MEDIUM
    CVE-2025-57770

    The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login in...

    Affected Products : zitadel
    • Published: Aug. 22, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-9397

    A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files[] can lead to unrestricted upload. The attack can be launched remotely. The ex...

    Affected Products : vvveb
    • Published: Aug. 24, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-9407

    A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to cross site scripting. The attack may be launched remot...

    Affected Products : mblog
    • Published: Aug. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.1

    CRITICAL
    CVE-2025-9004

    A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The...

    Affected Products : mblog
    • Published: Aug. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-8992

    A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

    Affected Products : mblog
    • Published: Aug. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.3

    MEDIUM
    CVE-2025-8927

    A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction o...

    Affected Products : mblog
    • Published: Aug. 13, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
Showing 20 of 293329 Results