Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-27411

    REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3.... Read more

    Affected Products : redaxo
    • Published: Mar. 05, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-44849

    Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.... Read more

    Affected Products : qualitor
    • Published: Sep. 09, 2024
    • Modified: Jul. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-48359

    Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter.... Read more

    Affected Products : qualitor
    • Published: Oct. 31, 2024
    • Modified: Jul. 01, 2025

  • 7.5

    HIGH
    CVE-2024-48360

    Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.... Read more

    Affected Products : qualitor
    • Published: Oct. 31, 2024
    • Modified: Jul. 01, 2025

  • 8.1

    HIGH
    CVE-2024-45106

    Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to tr... Read more

    Affected Products : ozone
    • Published: Dec. 03, 2024
    • Modified: Jul. 01, 2025

  • 2.6

    LOW
    CVE-2024-45719

    Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users a... Read more

    Affected Products : answer
    • Published: Nov. 22, 2024
    • Modified: Jul. 01, 2025

  • 8.5

    HIGH
    CVE-2024-45219

    Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or v... Read more

    Affected Products : cloudstack
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025

  • 8.1

    HIGH
    CVE-2024-45217

    Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets... Read more

    Affected Products : solr
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-45216

    Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL pa... Read more

    Affected Products : solr
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025

  • 8.8

    HIGH
    CVE-2024-42323

    SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).  This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to... Read more

    Affected Products : hertzbeat
    • Published: Sep. 21, 2024
    • Modified: Jul. 01, 2025

  • 6.2

    MEDIUM
    CVE-2024-39884

    A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code ... Read more

    Affected Products : http_server ontap_tools
    • Published: Jul. 04, 2024
    • Modified: Jul. 01, 2025

  • 7.5

    HIGH
    CVE-2024-39573

    Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.... Read more

    Affected Products : http_server ontap
    • Published: Jul. 01, 2024
    • Modified: Jul. 01, 2025

  • 8.1

    HIGH
    CVE-2024-38473

    Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.6... Read more

    Affected Products : http_server ontap
    • Published: Jul. 01, 2024
    • Modified: Jul. 01, 2025

  • 7.5

    HIGH
    CVE-2024-38472

    SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that a... Read more

    Affected Products : http_server ontap
    • Published: Jul. 01, 2024
    • Modified: Jul. 01, 2025

  • 7.8

    HIGH
    CVE-2025-4525

    A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be ap... Read more

    Affected Products : windows discord
    • Published: May. 10, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2024-36104

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.... Read more

    Affected Products : ofbiz
    • Published: Jun. 04, 2024
    • Modified: Jul. 01, 2025

  • 2.8

    LOW
    CVE-2025-48930

    The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues.... Read more

    Affected Products : telemessage
    • Published: May. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2025-48929

    The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary.... Read more

    Affected Products : telemessage
    • Published: May. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-48926

    The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.... Read more

    Affected Products : telemessage
    • Published: May. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-48925

    The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential.... Read more

    Affected Products : telemessage
    • Published: May. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication
Showing 20 of 293679 Results