Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-29215

    Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and runni... Read more

    Affected Products : mattermost_server mattermost
    • Published: May. 26, 2024
    • Modified: Jul. 08, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000875

    Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to a... Read more

    • Published: Dec. 20, 2018
    • Modified: Jul. 08, 2025

  • 9.9

    CRITICAL
    CVE-2025-4981

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via ... Read more

    Affected Products : mattermost_server
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal

  • 4.1

    MEDIUM
    CVE-2025-4573

    Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execut... Read more

    Affected Products : mattermost_server
    • Published: Jun. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-55965

    An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not... Read more

    Affected Products : appsmith
    • Published: Mar. 26, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2011-5280

    Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.... Read more

    Affected Products : boinc boinc boinc_client
    • Published: Jun. 02, 2014
    • Modified: Jul. 08, 2025

  • 9.3

    HIGH
    CVE-2013-2019

    Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.... Read more

    Affected Products : boinc boinc boinc_client
    • Published: Jun. 02, 2014
    • Modified: Jul. 08, 2025

  • 9.3

    HIGH
    CVE-2013-2298

    Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.... Read more

    Affected Products : boinc boinc boinc_client
    • Published: Jun. 02, 2014
    • Modified: Jul. 08, 2025

  • 6.5

    MEDIUM
    CVE-2025-22659

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through 2.10.44.... Read more

    Affected Products : orbit_fox
    • Published: Mar. 27, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-58128

    In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.... Read more

    Affected Products : misp
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2013-2018

    Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : boinc boinc_client
    • Published: Feb. 20, 2020
    • Modified: Jul. 08, 2025

  • 5.5

    MEDIUM
    CVE-2024-58129

    In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.... Read more

    Affected Products : misp
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-43186

    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.... Read more

    • Published: Mar. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.0

    MEDIUM
    CVE-2013-7386

    Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the... Read more

    Affected Products : boinc boinc boinc_client
    • Published: Jun. 02, 2014
    • Modified: Jul. 08, 2025

  • 7.5

    HIGH
    CVE-2024-7577

    IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.... Read more

    • Published: Mar. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-55895

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more

    • Published: Mar. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2025-20202

    A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of access poin... Read more

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-27492

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-49741

    No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : edge_chromium
    • Published: Jul. 01, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-27491

    Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293607 Results