Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-0120

    A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution re... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Apr. 11, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-36538

    Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : chaos-mesh
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 7.2

    HIGH
    CVE-2024-36537

    Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : cert-manager
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 5.2

    MEDIUM
    CVE-2025-0135

    An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: May. 14, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-36536

    Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : fabedge
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-36540

    Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : external_secrets_operator
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-36539

    Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : contour
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 3.5

    LOW
    CVE-2025-4227

    An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Pal... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Jun. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-6567

    A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/view_application.php. The manipulation of the argument ID leads to sql... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4232

    An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Jun. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2025-6568

    A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url lea... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-6468

    A vulnerability was found in code-projects Online Bidding System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /bidnow.php. The manipulation of the argument ID leads to sql injection. The attack can be initiate... Read more

    Affected Products : online_bidding_system
    • Published: Jun. 22, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-50693

    PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference (IDOR) in odms/request-details.php.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-50695

    PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-6467

    A vulnerability was found in code-projects Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument User leads to sql injection. It is possible to initiate the att... Read more

    Affected Products : online_bidding_system
    • Published: Jun. 22, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2018-20977

    The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page.... Read more

    Affected Products : schema schema_pro
    • Published: Aug. 21, 2019
    • Modified: Jun. 27, 2025

  • 8.8

    HIGH
    CVE-2023-25058

    Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions.... Read more

    Affected Products : schema
    • Published: May. 26, 2023
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-2112

    A vulnerability was found in user-xiangpeng yaoqishan up to a47fec4a31cbd13698c592dfdc938c8824dd25e4. It has been declared as critical. Affected by this vulnerability is the function getMediaLisByFilter of the file cn/javaex/yaoqishan/service/media_info/M... Read more

    Affected Products : yaoqishan
    • Published: Mar. 08, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2113

    A vulnerability was found in AT Software Solutions ATSVD up to 3.4.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Esqueceu a senha. The manipulation of the argument txtCPF leads to sql injection. Th... Read more

    Affected Products : atsvd
    • Published: Mar. 09, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2115

    A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 3.1. Affected is the function ProcessRequest of the file /AcceptZip.ashx. The manipulation of the argument file leads to unrestricted upload. It ... Read more

    • Published: Mar. 09, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293689 Results