Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.9

    MEDIUM
    CVE-2024-22275

    The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data....

    Affected Products : vcenter_server cloud_foundation
    • Published: May. 21, 2024
    • Modified: Jun. 27, 2025
  • 7.2

    HIGH
    CVE-2024-22274

    The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system....

    Affected Products : vcenter_server cloud_foundation
    • Published: May. 21, 2024
    • Modified: Jun. 27, 2025
  • 7.1

    HIGH
    CVE-2024-22270

    VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information conta...

    Affected Products : workstation macos fusion
    • Published: May. 14, 2024
    • Modified: Jun. 27, 2025
  • 7.1

    HIGH
    CVE-2024-22269

    VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory f...

    Affected Products : workstation macos fusion
    • Published: May. 14, 2024
    • Modified: Jun. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-24401

    SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component....

    Affected Products : nagios_xi
    • Published: Feb. 26, 2024
    • Modified: Jun. 27, 2025
  • 5.4

    MEDIUM
    CVE-2025-27585

    A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name paramet...

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.3

    MEDIUM
    CVE-2024-27297

    Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the a...

    Affected Products : nix nix
    • Published: Mar. 11, 2024
    • Modified: Jun. 27, 2025
  • 5.4

    MEDIUM
    CVE-2024-53382

    Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements....

    Affected Products : prism
    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2024-53386

    Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements....

    Affected Products : stage.js
    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-27520

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It all...

    Affected Products : bentoml
    • Published: Apr. 04, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2025-3531

    A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible ...

    Affected Products : youdiancms
    • Published: Apr. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-3532

    A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. T...

    Affected Products : youdiancms
    • Published: Apr. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-3533

    A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross s...

    Affected Products : youdiancms
    • Published: Apr. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2024-36050

    Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request....

    Affected Products :
    • Published: May. 18, 2024
    • Modified: Jun. 27, 2025
  • 7.6

    HIGH
    CVE-2024-12137

    Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking. This issue affects ANKA JPD-00028: before V.01.01....

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2024-12136

    Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass. This issue affects ANKA JPD-00028: before V.01.01....

    • Published: Mar. 19, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2025-6669

    A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to use of hard-coded cryptographic key ...

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cryptography
  • 0.0

    NA
    CVE-2025-38083

    In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 ...

    Affected Products : linux_kernel
    • Published: Jun. 20, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Race Condition
  • 0.0

    NA
    CVE-2025-37963

    In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to ...

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration
  • 0.0

    NA
    CVE-2025-37958

    In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid addr...

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293676 Results