Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2024-2241

    Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions ... Read more

    Affected Products : workspace
    • Published: Mar. 07, 2024
    • Modified: Jun. 27, 2025

  • 7.3

    HIGH
    CVE-2022-36263

    StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.... Read more

    Affected Products : windows streamlabs_desktop
    • Published: Aug. 19, 2022
    • Modified: Jun. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-1316

    The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g.... Read more

    Affected Products : eventbrite_tickets event_tickets
    • Published: Mar. 04, 2024
    • Modified: Jun. 27, 2025

  • 8.8

    HIGH
    CVE-2024-27497

    Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.... Read more

    Affected Products : e2000_firmware e2000
    • Published: Mar. 01, 2024
    • Modified: Jun. 27, 2025

  • 4.5

    MEDIUM
    CVE-2024-3165

    System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.   ... Read more

    Affected Products : dotcms
    • Published: Apr. 01, 2024
    • Modified: Jun. 27, 2025

  • 4.5

    MEDIUM
    CVE-2024-3164

    In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, sh... Read more

    Affected Products : dotcms
    • Published: Apr. 01, 2024
    • Modified: Jun. 27, 2025

  • 8.1

    HIGH
    CVE-2025-25950

    Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-25951

    An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-25952

    An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-27583

    Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-27584

    A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name paramet... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-25953

    Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-37087

    The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.... Read more

    Affected Products : vcenter_server cloud_foundation
    • Published: Jun. 25, 2024
    • Modified: Jun. 27, 2025

  • 6.8

    MEDIUM
    CVE-2024-37086

    VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.... Read more

    Affected Products : esxi cloud_foundation
    • Published: Jun. 25, 2024
    • Modified: Jun. 27, 2025

  • 4.9

    MEDIUM
    CVE-2024-22275

    The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.... Read more

    Affected Products : vcenter_server cloud_foundation
    • Published: May. 21, 2024
    • Modified: Jun. 27, 2025

  • 7.2

    HIGH
    CVE-2024-22274

    The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.... Read more

    Affected Products : vcenter_server cloud_foundation
    • Published: May. 21, 2024
    • Modified: Jun. 27, 2025

  • 7.1

    HIGH
    CVE-2024-22270

    VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information conta... Read more

    Affected Products : workstation macos fusion
    • Published: May. 14, 2024
    • Modified: Jun. 27, 2025

  • 7.1

    HIGH
    CVE-2024-22269

    VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory f... Read more

    Affected Products : workstation macos fusion
    • Published: May. 14, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-24401

    SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.... Read more

    Affected Products : nagios_xi
    • Published: Feb. 26, 2024
    • Modified: Jun. 27, 2025

  • 5.4

    MEDIUM
    CVE-2025-27585

    A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name paramet... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 294068 Results