Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2025-5891

    A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remo...

    Affected Products : pm2
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-4321

    A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during th...

    Affected Products : chuanhuchatgpt
    • Published: May. 16, 2024
    • Modified: Jul. 10, 2025
  • 5.4

    MEDIUM
    CVE-2025-5887

    A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site script...

    Affected Products : webstack-guns
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-32725

    Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-33050

    Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-32724

    Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2025-33052

    Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
  • 4.9

    MEDIUM
    CVE-2024-4284

    A vulnerability in mintplex-labs/anything-llm allows for a denial of service (DoS) condition through the modification of a user's `id` attribute to a value of 0. This issue affects the current version of the software, with the latest commit id `57984fa85c...

    Affected Products : anythingllm
    • Published: May. 19, 2024
    • Modified: Jul. 10, 2025
  • 6.4

    MEDIUM
    CVE-2024-10172

    The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's void_wbwhmcse_laouts_search shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and out...

    • Published: Nov. 21, 2024
    • Modified: Jul. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-5716

    Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerabi...

    Affected Products : unified_secops_platform
    • Published: Nov. 22, 2024
    • Modified: Jul. 10, 2025
  • 5.3

    MEDIUM
    CVE-2024-3599

    The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it p...

    Affected Products : wp_cookie_consent
    • Published: May. 02, 2024
    • Modified: Jul. 10, 2025
  • 8.8

    HIGH
    CVE-2024-5717

    Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required t...

    Affected Products : unified_secops_platform
    • Published: Nov. 22, 2024
    • Modified: Jul. 10, 2025
  • 8.1

    HIGH
    CVE-2024-5718

    Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required t...

    Affected Products : unified_secops_platform
    • Published: Nov. 22, 2024
    • Modified: Jul. 10, 2025
  • 8.8

    HIGH
    CVE-2024-5719

    Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required t...

    Affected Products : unified_secops_platform
    • Published: Nov. 22, 2024
    • Modified: Jul. 10, 2025
  • 8.8

    HIGH
    CVE-2024-5720

    Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required t...

    Affected Products : unified_secops_platform
    • Published: Nov. 22, 2024
    • Modified: Jul. 10, 2025
  • 8.1

    HIGH
    CVE-2024-5721

    Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required t...

    Affected Products : unified_secops_platform
    • Published: Nov. 22, 2024
    • Modified: Jul. 10, 2025
  • 8.8

    HIGH
    CVE-2024-5722

    Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authent...

    Affected Products : unified_secops_platform
    • Published: Nov. 22, 2024
    • Modified: Jul. 10, 2025
  • 8.8

    HIGH
    CVE-2025-33073

    Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-33056

    Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-33057

    Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292238 Results