Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-18524

    The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.... Read more

    Affected Products : football_pool football_pool
    • EPSS Score: %0.21
    • Published: Aug. 20, 2019
    • Modified: Jul. 16, 2025

  • 9.0

    CRITICAL
    CVE-2024-47572

    An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file... Read more

    Affected Products : fortisoar
    • Published: Jan. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2021-26700

    Visual Studio Code npm-script Extension Remote Code Execution Vulnerability... Read more

    • EPSS Score: %12.92
    • Published: Feb. 25, 2021
    • Modified: Jul. 16, 2025

  • 10.0

    HIGH
    CVE-2018-8327

    A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.... Read more

    • EPSS Score: %21.26
    • Published: Jul. 11, 2018
    • Modified: Jul. 16, 2025

  • 7.6

    HIGH
    CVE-2024-33911

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4. ... Read more

    Affected Products : school_management
    • Published: May. 02, 2024
    • Modified: Jul. 16, 2025

  • 6.5

    MEDIUM
    CVE-2024-49393

    In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.... Read more

    Affected Products : enterprise_linux mutt neomutt
    • Published: Nov. 12, 2024
    • Modified: Jul. 16, 2025

  • 6.5

    MEDIUM
    CVE-2024-56114

    Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to su... Read more

    Affected Products : canlineapp
    • Published: Jan. 09, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2022-31764

    The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fi... Read more

    Affected Products : shardingsphere_elasticjob-ui
    • Published: Feb. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-0730

    A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument use... Read more

    Affected Products : tl-sg108e_firmware tl-sg108e
    • Published: Jan. 27, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-41743

    IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources.... Read more

    • Published: Jan. 19, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-41742

    IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a d... Read more

    • Published: Jan. 19, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2024-45654

    IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs.... Read more

    Affected Products : linux_kernel security_qradar_edr
    • Published: Jan. 19, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-53526

    composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.... Read more

    Affected Products : composio
    • Published: Jan. 08, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-11685

    The `Kudos Donations – Easy donations and payments with Mollie` plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of `add_query_arg` without appropriate escaping on the URL in all versions up to, and including, 3.2.9. Thi... Read more

    Affected Products : kudos_donations
    • Published: Nov. 28, 2024
    • Modified: Jul. 16, 2025

  • 7.8

    HIGH
    CVE-2024-39709

    Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 16, 2025

  • 7.5

    HIGH
    CVE-2024-38649

    An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : connect_secure
    • Published: Nov. 13, 2024
    • Modified: Jul. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-48063

    In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.... Read more

    Affected Products : pytorch
    • Published: Oct. 29, 2024
    • Modified: Jul. 16, 2025

  • 4.9

    MEDIUM
    CVE-2024-45100

    IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.... Read more

    Affected Products : linux_kernel security_qradar_edr
    • Published: Jan. 07, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-52377

    Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web management interface's ping and trac... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-45640

    IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.... Read more

    Affected Products : linux_kernel security_qradar_edr
    • Published: Jan. 07, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291400 Results