Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-7297

    Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.... Read more

    Affected Products : langflow
    • Published: Jul. 30, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2025-32966

    DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.... Read more

    Affected Products : dataease
    • Published: Apr. 23, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2024-54149

    Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox pl... Read more

    Affected Products : winter
    • Published: Dec. 09, 2024
    • Modified: Jun. 24, 2025

  • 7.5

    HIGH
    CVE-2024-28232

    Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 h... Read more

    Affected Products : casaos casaos-userservice
    • Published: Apr. 01, 2024
    • Modified: Jun. 24, 2025

  • 8.1

    HIGH
    CVE-2024-48325

    Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id"... Read more

    Affected Products : i-educar
    • Published: Nov. 06, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-41151

    Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes th... Read more

    Affected Products : hertzbeat
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 8.8

    HIGH
    CVE-2024-45505

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before... Read more

    Affected Products : hertzbeat
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 7.5

    HIGH
    CVE-2024-45791

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.... Read more

    Affected Products : hertzbeat
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-47208

    Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.... Read more

    Affected Products : ofbiz
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-3628

    A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-3627

    A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-3625

    A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-32045

    A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-32044

    A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured wi... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-3634

    A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step veri... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-46101

    SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2020-3525

    A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 7.5

    HIGH
    CVE-2025-45331

    brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerability in the br_dagens_handle_once function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44635

    There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, E... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-31483

    An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.... Read more

    Affected Products : arubaos instant instantos instant
    • Published: May. 14, 2024
    • Modified: Jun. 24, 2025
Showing 20 of 293666 Results