Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2024-49822

    IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    • Published: Mar. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-44314

    TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify i... Read more

    Affected Products : tastyigniter
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2024-44313

    TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.... Read more

    Affected Products : tastyigniter
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-30106

    On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's network to perform sniffing.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-2490

    A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. ... Read more

    Affected Products : ujcms
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2450

    NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit ... Read more

    Affected Products : vision_builder_ai
    • Published: Mar. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-2449

    NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of NI FlexLogger. User interaction is required to exploit this vu... Read more

    Affected Products : flexlogger
    • Published: Mar. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-25500

    An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthoriz... Read more

    Affected Products : cosmwasm
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-8997

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: before V3.187, V4.53.... Read more

    Affected Products : evc04_configuration_interface
    • Published: Mar. 18, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2024-21760

    An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute ar... Read more

    Affected Products : fortisoar
    • Published: Mar. 18, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-47539

    An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.... Read more

    Affected Products : fortimail
    • Published: Mar. 18, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-2495

    Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execut... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-2494

    Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are u... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-2493

    Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthori... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-2489

    Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-1468

    An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.6

    MEDIUM
    CVE-2025-0694

    Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access.... Read more

    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2024-41975

    An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-23943

    An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.... Read more

    Affected Products : mbconnect24 mymbconnect24
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2024-23942

    A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.... Read more

    Affected Products : mbconnect24 mymbconnect24
    • Published: Mar. 18, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293191 Results