Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-1731

    An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-45516

    An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: May. 14, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-32354

    In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauth... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Apr. 29, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-25065

    SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Feb. 03, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-25064

    SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerabilit... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Feb. 03, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-54663

    An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Dec. 19, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-45517

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's sessio... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025

  • 4.8

    MEDIUM
    CVE-2024-45513

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code ... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-45514

    An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing ... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-45512

    An issue was discovered in webmail in Zimbra Collaboration (ZCS) through 10.1. An attacker can exploit this vulnerability by creating a folder in the Briefcase module with a malicious payload and sharing it with a victim. When the victim interacts with th... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 21, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-45511

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim open... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Nov. 20, 2024
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-25722

    qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.... Read more

    Affected Products : qanything
    • Published: Feb. 11, 2024
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2023-44000

    An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 24, 2024
    • Modified: Jun. 11, 2025

  • 9.9

    CRITICAL
    CVE-2025-24016

    Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI p... Read more

    Affected Products : wazuh
    • Actively Exploited
    • Published: Feb. 10, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2024-12716

    The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ... Read more

    Affected Products : simple_basic_contact_form
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2023-7174

    The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : abitgone_commentsafe
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-7195

    The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.... Read more

    Affected Products : wp-reply_notify
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-7196

    The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : ultimate_noindex_nofollow_tool
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025

  • 7.1

    HIGH
    CVE-2023-7197

    The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : marketing_twitter_bot
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2024-0852

    The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin... Read more

    Affected Products : coreactivity
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293437 Results