Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-50627

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, poten... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 27, 2025

  • 8.8

    HIGH
    CVE-2024-50626

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized ac... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 27, 2025

  • 8.0

    HIGH
    CVE-2024-50625

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, poten... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 27, 2025

  • 8.8

    HIGH
    CVE-2024-50628

    An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.... Read more

    • Published: Dec. 09, 2024
    • Modified: Jun. 27, 2025

  • 6.1

    MEDIUM
    CVE-2025-30720

    Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to com... Read more

    Affected Products : configurator
    • Published: Apr. 15, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-30722

    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network ... Read more

    • Published: Apr. 15, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-3135

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their co... Read more

    Affected Products : localai
    • Published: Apr. 01, 2024
    • Modified: Jun. 27, 2025

  • 5.7

    MEDIUM
    CVE-2025-30737

    Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). The supported version that is affected is 24.200. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP ... Read more

    Affected Products : smart_view_for_office
    • Published: Apr. 15, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2023-36682

    Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7. ... Read more

    Affected Products : schema schema_pro
    • Published: Nov. 30, 2023
    • Modified: Jun. 27, 2025

  • 6.5

    MEDIUM
    CVE-2025-32385

    EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the ... Read more

    Affected Products : espocrm
    • Published: Apr. 16, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-29459

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-32788

    OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend p... Read more

    Affected Products : octoprint
    • Published: Apr. 22, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-45250

    MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file.... Read more

    Affected Products : mrdoc
    • Published: May. 06, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-1564

    The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode... Read more

    Affected Products : schema schema_pro
    • Published: Mar. 25, 2024
    • Modified: Jun. 27, 2025

  • 7.5

    HIGH
    CVE-2024-34050

    Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go.... Read more

    Affected Products : onos traffic_steering_xapplication
    • Published: Apr. 30, 2024
    • Modified: Jun. 27, 2025

  • 7.5

    HIGH
    CVE-2024-10718

    In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fi... Read more

    Affected Products : phpipam
    • Published: Mar. 20, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration

  • 6.6

    MEDIUM
    CVE-2024-22724

    An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.... Read more

    Affected Products : oscommerce
    • Published: Mar. 21, 2024
    • Modified: Jun. 27, 2025

  • 6.5

    MEDIUM
    CVE-2025-48175

    In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.... Read more

    Affected Products : libavif
    • Published: May. 16, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-54000

    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow... Read more

    Affected Products : mobile_security_framework
    • Published: Dec. 03, 2024
    • Modified: Jun. 27, 2025

  • 8.1

    HIGH
    CVE-2024-53999

    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a m... Read more

    Affected Products : mobile_security_framework
    • Published: Dec. 03, 2024
    • Modified: Jun. 27, 2025
Showing 20 of 293689 Results