Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2024-6006

    A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cros... Read more

    Affected Products : zkbiosecurity_v5000
    • Published: Jun. 15, 2024
    • Modified: Jul. 17, 2025

  • 5.1

    MEDIUM
    CVE-2024-6005

    A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads t... Read more

    Affected Products : zkbiosecurity_v5000
    • Published: Jun. 15, 2024
    • Modified: Jul. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-5936

    An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sa... Read more

    Affected Products : privategpt privategpt
    • Published: Jun. 27, 2024
    • Modified: Jul. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-4343

    A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability aris... Read more

    Affected Products : privategpt
    • Published: Nov. 14, 2024
    • Modified: Jul. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-20867

    Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.... Read more

    Affected Products : email
    • Published: May. 07, 2024
    • Modified: Jul. 17, 2025

  • 7.1

    HIGH
    CVE-2024-20868

    Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions.... Read more

    Affected Products : notes
    • Published: May. 07, 2024
    • Modified: Jul. 17, 2025

  • 7.5

    HIGH
    CVE-2025-20915

    Out-of-bounds read in applying binary of voice content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-20914

    Out-of-bounds read in applying binary of hand writing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-20913

    Out-of-bounds read in applying binary of drawing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.4

    MEDIUM
    CVE-2025-20901

    Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.... Read more

    Affected Products : blockchain_keystore
    • Published: Feb. 04, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-20900

    Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : blockchain_keystore
    • Published: Feb. 04, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-20898

    Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.... Read more

    Affected Products : members
    • Published: Feb. 04, 2025
    • Modified: Jul. 17, 2025

  • 4.6

    MEDIUM
    CVE-2025-20894

    Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.... Read more

    Affected Products : email
    • Published: Feb. 04, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-6200

    The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : geodirectory geodirectory
    • Published: Jul. 11, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-2942

    The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information... Read more

    • Published: Jul. 11, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-28245

    Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body.... Read more

    Affected Products : alteryx_server
    • Published: Jul. 10, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-28244

    Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover... Read more

    Affected Products : alteryx_server
    • Published: Jul. 10, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-49715

    Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Jun. 20, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-20949

    Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.... Read more

    Affected Products : members
    • Published: May. 07, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-20976

    Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.29.23 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: May. 07, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291618 Results