Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-38472

    SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that a... Read more

    Affected Products : http_server ontap
    • Published: Jul. 01, 2024
    • Modified: Jul. 01, 2025

  • 7.8

    HIGH
    CVE-2025-4525

    A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be ap... Read more

    Affected Products : windows discord
    • Published: May. 10, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2024-36104

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.... Read more

    Affected Products : ofbiz
    • Published: Jun. 04, 2024
    • Modified: Jul. 01, 2025

  • 2.8

    LOW
    CVE-2025-48930

    The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues.... Read more

    Affected Products : telemessage
    • Published: May. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2025-48929

    The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary.... Read more

    Affected Products : telemessage
    • Published: May. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-48926

    The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.... Read more

    Affected Products : telemessage
    • Published: May. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-48925

    The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential.... Read more

    Affected Products : telemessage
    • Published: May. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 10.0

    HIGH
    CVE-2012-6428

    The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.... Read more

    • Published: Dec. 23, 2012
    • Modified: Jul. 01, 2025

  • 7.8

    HIGH
    CVE-2012-6427

    The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to ... Read more

    • Published: Dec. 23, 2012
    • Modified: Jul. 01, 2025

  • 7.5

    HIGH
    CVE-2025-49763

    ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache... Read more

    Affected Products : traffic_server
    • Published: Jun. 19, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-31698

    ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configure... Read more

    Affected Products : traffic_server
    • Published: Jun. 19, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 4.7

    MEDIUM
    CVE-2025-30675

    In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=self... Read more

    Affected Products : cloudstack
    • Published: Jun. 11, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-47849

    A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This oper... Read more

    Affected Products : cloudstack
    • Published: Jun. 10, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-47713

    A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately rest... Read more

    Affected Products : cloudstack
    • Published: Jun. 10, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-4545

    A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the argument File lead... Read more

    Affected Products : ctcms
    • Published: May. 11, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2024-56523

    Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method.... Read more

    Affected Products : cloud_waf
    • Published: May. 12, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-24998

    Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-56524

    Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request.... Read more

    Affected Products : cloud_waf
    • Published: May. 12, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-25003

    Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 01, 2025

  • 7.1

    HIGH
    CVE-2025-25008

    Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 01, 2025
Showing 20 of 293685 Results