Latest CVE Feed

Below is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is known to be actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2024-4547 (CVSS 9.8, CRITICAL)

    A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perf...

    Affected Products: diaenergie
    • Published: May. 06, 2024
    • Modified: Jun. 27, 2025
  • CVE-2024-27439 (CVSS 6.5, MEDIUM)

    An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not ...

    Affected Products: wicket
    • Published: Mar. 19, 2024
    • Modified: Jun. 27, 2025
  • CVE-2024-4226 (CVSS 3.5, LOW)

    It was identified that in certain versions of Octopus Server, a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed....

    Affected Products: octopus_server
    • Published: Apr. 30, 2024
    • Modified: Jun. 27, 2025
  • CVE-2025-2777 (CVSS 9.8, CRITICAL)

    SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives....

    Affected Products: sysaid
    • Published: May. 07, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: XML External Entity
  • CVE-2024-24818 (CVSS 5.9, MEDIUM)

    EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerabilit...

    Affected Products: espocrm
    • Published: Mar. 21, 2024
    • Modified: Jun. 27, 2025
  • CVE-2024-28130 (CVSS 7.5, HIGH)

    An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge...

    Affected Products: debian_linux dcmtk
    • Published: Apr. 23, 2024
    • Modified: Jun. 27, 2025
  • CVE-2024-28640 (CVSS 7.5, HIGH)

    Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (DoS) via the command field....

    • Published: Mar. 16, 2024
    • Modified: Jun. 27, 2025
  • CVE-2024-2241 (CVSS 6.3, MEDIUM)

    Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions ...

    Affected Products: workspace
    • Published: Mar. 07, 2024
    • Modified: Jun. 27, 2025
  • CVE-2022-36263 (CVSS 7.3, HIGH)

    StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file....

    Affected Products: windows streamlabs_desktop
    • Published: Aug. 19, 2022
    • Modified: Jun. 27, 2025
  • CVE-2024-1316 (CVSS 6.5, MEDIUM)

    The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g....

    Affected Products: eventbrite_tickets event_tickets
    • Published: Mar. 04, 2024
    • Modified: Jun. 27, 2025
  • CVE-2024-27497 (CVSS 8.8, HIGH)

    Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file....

    Affected Products: e2000_firmware e2000
    • Published: Mar. 01, 2024
    • Modified: Jun. 27, 2025
  • CVE-2024-3165 (CVSS 4.5, MEDIUM)

    System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. ...

    Affected Products: dotcms
    • Published: Apr. 01, 2024
    • Modified: Jun. 27, 2025
  • CVE-2024-3164 (CVSS 4.5, MEDIUM)

    In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, sh...

    Affected Products: dotcms
    • Published: Apr. 01, 2024
    • Modified: Jun. 27, 2025
  • CVE-2025-25950 (CVSS 8.1, HIGH)

    Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account....

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization
  • CVE-2025-25951 (CVSS 7.5, HIGH)

    An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information....

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure
  • CVE-2025-25952 (CVSS 6.5, MEDIUM)

    An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted...

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization
  • CVE-2025-27583 (CVSS 9.1, CRITICAL)

    Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account....

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization
  • CVE-2025-27584 (CVSS 5.4, MEDIUM)

    A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name paramet...

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • CVE-2025-25953 (CVSS 6.5, MEDIUM)

    Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information....

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure
  • CVE-2024-37087 (CVSS 5.3, MEDIUM)

    The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition....

    Affected Products: vcenter_server cloud_foundation
    • Published: Jun. 25, 2024
    • Modified: Jun. 27, 2025
Showing 20 of 293962 Results