Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-30370

    RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in tha... Read more

    Affected Products : winrar
    • Published: Apr. 02, 2024
    • Modified: Jun. 20, 2025

  • 4.8

    MEDIUM
    CVE-2024-37773

    An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.... Read more

    Affected Products : dctrack
    • Published: Dec. 16, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-40477

    RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit ... Read more

    Affected Products : winrar
    • Published: May. 03, 2024
    • Modified: Jun. 20, 2025

  • 5.3

    MEDIUM
    CVE-2024-56128

    Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 58... Read more

    Affected Products : kafka
    • Published: Dec. 18, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2025-2056

    The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of... Read more

    Affected Products : hide_my_wp_ghost
    • Published: Mar. 14, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2024-55897

    IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes ... Read more

    Affected Products : i i powerha_system_mirror
    • Published: Jan. 03, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-22275

    iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote log... Read more

    Affected Products : iterm2
    • Published: Jan. 03, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2024-33894

    Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.... Read more

    • Published: Aug. 02, 2024
    • Modified: Jun. 20, 2025

  • 3.1

    LOW
    CVE-2024-51472

    IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensiti... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Jan. 06, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2024-38447

    NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user).... Read more

    Affected Products : advisor_network
    • Published: Jul. 17, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2024-38446

    NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request.... Read more

    Affected Products : advisor_network
    • Published: Jul. 17, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2025-21616

    Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profi... Read more

    Affected Products : plane
    • Published: Jan. 06, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-50659

    Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.... Read more

    Affected Products : adportal
    • Published: Jan. 07, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-37621

    StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php.... Read more

    Affected Products : strongshop
    • Published: Jun. 17, 2024
    • Modified: Jun. 20, 2025

  • 9.1

    CRITICAL
    CVE-2024-34451

    Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that a... Read more

    Affected Products : ghost
    • Published: Jun. 16, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-38396

    An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the termi... Read more

    Affected Products : iterm2
    • Published: Jun. 16, 2024
    • Modified: Jun. 20, 2025

  • 7.9

    HIGH
    CVE-2024-40427

    Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute... Read more

    Affected Products : px4_drone_autopilot
    • Published: Jan. 07, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2023-1907

    A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.... Read more

    Affected Products : pgadmin
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2022-22491

    IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesy... Read more

    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2024-33850

    Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting.... Read more

    Affected Products : pexip_infinity
    • Published: Jun. 10, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293609 Results