Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-47127

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict... Read more

    Affected Products : windows framemaker
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47128

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac... Read more

    Affected Products : windows framemaker
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47129

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict... Read more

    Affected Products : windows framemaker
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47130

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac... Read more

    Affected Products : windows framemaker
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47131

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ... Read more

    Affected Products : windows framemaker
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47132

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict... Read more

    Affected Products : windows framemaker
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47133

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict... Read more

    Affected Products : windows framemaker
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2023-48396

    Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml... Read more

    Affected Products : seatunnel
    • Published: Jul. 30, 2024
    • Modified: Jul. 10, 2025

  • 8.4

    HIGH
    CVE-2024-37381

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.... Read more

    Affected Products : endpoint_manager
    • Published: Jul. 29, 2024
    • Modified: Jul. 10, 2025

  • 2.7

    LOW
    CVE-2024-29733

    Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl... Read more

    Affected Products : apache-airflow-providers-ftp
    • Published: Apr. 21, 2024
    • Modified: Jul. 10, 2025

  • 9.1

    CRITICAL
    CVE-2024-29070

    On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data ev... Read more

    Affected Products : streampark
    • Published: Jul. 23, 2024
    • Modified: Jul. 10, 2025

  • 6.4

    MEDIUM
    CVE-2024-10181

    The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attrib... Read more

    Affected Products : newsletters
    • Published: Oct. 29, 2024
    • Modified: Jul. 10, 2025

  • 7.5

    HIGH
    CVE-2024-41178

    Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens.  On certain error conditions, the logs may contain the OIDC token passed to Assu... Read more

    Affected Products : arrow
    • Published: Jul. 23, 2024
    • Modified: Jul. 10, 2025

  • 6.4

    MEDIUM
    CVE-2024-2337

    The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied... Read more

    Affected Products : easy_testimonials
    • Published: Jul. 20, 2024
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-3584

    qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitra... Read more

    Affected Products : qdrant
    • Published: May. 30, 2024
    • Modified: Jul. 10, 2025

  • 8.8

    HIGH
    CVE-2024-9637

    The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updatin... Read more

    Affected Products : wpschoolpress
    • Published: Oct. 26, 2024
    • Modified: Jul. 10, 2025

  • 8.1

    HIGH
    CVE-2023-52290

    In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn't validated, ther... Read more

    Affected Products : streampark
    • Published: Jul. 16, 2024
    • Modified: Jul. 10, 2025

  • 7.2

    HIGH
    CVE-2024-5902

    The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input saniti... Read more

    Affected Products : user_feedback userfeedback
    • Published: Jul. 12, 2024
    • Modified: Jul. 10, 2025

  • 8.8

    HIGH
    CVE-2024-5325

    The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fv_export_data’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi... Read more

    Affected Products : form_vibes
    • Published: Jul. 12, 2024
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-36522

    The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which ... Read more

    Affected Products : wicket
    • Published: Jul. 12, 2024
    • Modified: Jul. 10, 2025
Showing 20 of 291712 Results