Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2024-45033

    Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to ... Read more

    Affected Products : apache-airflow-providers-fab
    • Published: Jan. 08, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2025-27018

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cau... Read more

    Affected Products : apache-airflow-providers-mysql
    • Published: Mar. 19, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2024-31309

    HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_... Read more

    Affected Products : fedora debian_linux traffic_server
    • Published: Apr. 10, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2021-32030

    The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administr... Read more

    • Actively Exploited
    • EPSS Score: %94.16
    • Published: May. 06, 2021
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2024-23222

    A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this... Read more

    Affected Products : macos iphone_os tvos ipados
    • Actively Exploited
    • EPSS Score: %0.17
    • Published: Jan. 23, 2024
    • Modified: Jun. 03, 2025
  • 6.9

    MEDIUM
    CVE-2025-35939

    Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and... Read more

    Affected Products : craft_cms
    • Actively Exploited
    • Published: May. 07, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2023-39780

    On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refres... Read more

    Affected Products : rt-ax55_firmware rt-ax55
    • Actively Exploited
    • EPSS Score: %70.18
    • Published: Sep. 11, 2023
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-56145

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspeci... Read more

    Affected Products : craft_cms
    • Actively Exploited
    • Published: Dec. 18, 2024
    • Modified: Jun. 03, 2025
  • 6.1

    MEDIUM
    CVE-2019-9978

    The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.... Read more

    Affected Products : social_warfare social_warfare_pro
    • Actively Exploited
    • EPSS Score: %88.31
    • Published: Mar. 24, 2019
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-23741

    An issue in Hyper on macOS version 3.4.1 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.... Read more

    Affected Products : macos hyper hyper
    • EPSS Score: %25.81
    • Published: Jan. 28, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-23553

    A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. ... Read more

    Affected Products : bigfix_platform
    • EPSS Score: %0.31
    • Published: Feb. 02, 2024
    • Modified: Jun. 03, 2025
  • 6.2

    MEDIUM
    CVE-2024-23550

    HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. ... Read more

    Affected Products : hcl_launch hcl_devops_deploy
    • EPSS Score: %0.05
    • Published: Feb. 03, 2024
    • Modified: Jun. 03, 2025
  • 4.8

    MEDIUM
    CVE-2024-22241

    Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account. ... Read more

    Affected Products : aria_operations_for_networks
    • EPSS Score: %3.55
    • Published: Feb. 06, 2024
    • Modified: Jun. 03, 2025
  • 6.4

    MEDIUM
    CVE-2024-22238

    Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. ... Read more

    Affected Products : aria_operations_for_networks
    • EPSS Score: %1.67
    • Published: Feb. 06, 2024
    • Modified: Jun. 03, 2025
  • 5.5

    MEDIUM
    CVE-2024-22236

    In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the sh... Read more

    Affected Products : spring_cloud_contract
    • EPSS Score: %0.07
    • Published: Jan. 31, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2024-22022

    Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.... Read more

    • EPSS Score: %0.49
    • Published: Feb. 07, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2024-21888

    A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. ... Read more

    Affected Products : connect_secure policy_secure
    • EPSS Score: %61.19
    • Published: Jan. 31, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2024-21673

    This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C... Read more

    • EPSS Score: %5.20
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-20979

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network acce... Read more

    Affected Products : bi_publisher
    • EPSS Score: %0.19
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025
  • 4.9

    MEDIUM
    CVE-2024-20971

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access... Read more

    Affected Products : mysql oncommand_insight mysql_server
    • EPSS Score: %0.05
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292247 Results