Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-50637

    UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies.... Read more

    Affected Products : unopim
    • Published: Nov. 06, 2024
    • Modified: Jun. 24, 2025

  • 6.1

    MEDIUM
    CVE-2023-2142

    In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross ... Read more

    Affected Products : nunjucks
    • Published: Nov. 26, 2024
    • Modified: Jun. 24, 2025

  • 7.5

    HIGH
    CVE-2025-1975

    A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a m... Read more

    Affected Products : ollama
    • Published: May. 16, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-7297

    Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.... Read more

    Affected Products : langflow
    • Published: Jul. 30, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2025-32966

    DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.... Read more

    Affected Products : dataease
    • Published: Apr. 23, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2024-54149

    Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox pl... Read more

    Affected Products : winter
    • Published: Dec. 09, 2024
    • Modified: Jun. 24, 2025

  • 7.5

    HIGH
    CVE-2024-28232

    Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 h... Read more

    Affected Products : casaos casaos-userservice
    • Published: Apr. 01, 2024
    • Modified: Jun. 24, 2025

  • 8.1

    HIGH
    CVE-2024-48325

    Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id"... Read more

    Affected Products : i-educar
    • Published: Nov. 06, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-41151

    Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes th... Read more

    Affected Products : hertzbeat
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-45505

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before... Read more

    Affected Products : hertzbeat
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 7.5

    HIGH
    CVE-2024-45791

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.... Read more

    Affected Products : hertzbeat
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-47208

    Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.... Read more

    Affected Products : ofbiz
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-3628

    A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-3627

    A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-3625

    A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-32045

    A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-32044

    A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured wi... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-3634

    A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step veri... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-46101

    SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2020-3525

    A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025
Showing 20 of 293649 Results