Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-13264

    Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2.... Read more

    Affected Products : opigno_module
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-13265

    Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2.... Read more

    Affected Products : learning_path
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-13266

    Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4.... Read more

    Affected Products : responsive_and_off-canvas_menu
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-13267

    Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.... Read more

    Affected Products : tincan_question_type
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2024-13268

    Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23.... Read more

    Affected Products : opigno
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-13269

    Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.This issue affects Advanced Varnish: from 0.0.0 before 4.0.11.... Read more

    Affected Products : advanced_varnish
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-13270

    Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1.... Read more

    Affected Products : freelinking
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-13271

    Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4.... Read more

    Affected Products : content_entity_clone
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2024-13272

    Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.... Read more

    Affected Products : paragraphs_table
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-9005

    A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an atta... Read more

    Affected Products : mblog
    • Published: Aug. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2022-38129

    A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.... Read more

    Affected Products : sensor_management_server
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2022-36923

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain... Read more

    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 4.7

    MEDIUM
    CVE-2022-34704

    Windows Defender Credential Guard Information Disclosure Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Aug. 27, 2025

  • 4.3

    MEDIUM
    CVE-2022-31674

    VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.... Read more

    Affected Products : vrealize_operations
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 7.2

    HIGH
    CVE-2022-31672

    VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.... Read more

    Affected Products : vrealize_operations
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-2457

    A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts.... Read more

    Affected Products : process_automation_manager
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-2355

    The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin... Read more

    Affected Products : easy_username_updater
    • Published: Aug. 08, 2022
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-20361

    In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User inter... Read more

    Affected Products : android
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 5.0

    MEDIUM
    CVE-1999-0159

    Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.... Read more

    Affected Products : ios
    • Published: Aug. 12, 1998
    • Modified: Aug. 27, 2025

  • 5.3

    MEDIUM
    CVE-2025-57770

    The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login in... Read more

    Affected Products : zitadel
    • Published: Aug. 22, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
Showing 20 of 293435 Results