Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.6

    MEDIUM
    CVE-2024-8266

    An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.... Read more

    Affected Products : gitlab
    • Published: Feb. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2024-7102

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.... Read more

    Affected Products : gitlab
    • Published: Feb. 13, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-51376

    Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Path Traversal

  • 3.5

    LOW
    CVE-2024-34521

    A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file permissions of the privileged system user running the ap... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-34520

    An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' fea... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-20097

    Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-1229

    A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected by this vulnerability is an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the argument... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-1228

    A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipu... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2024-57605

    Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.... Read more

    Affected Products : fuel_cms
    • Published: Feb. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-57604

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.... Read more

    Affected Products : ezbookkeeping
    • Published: Feb. 12, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2024-57603

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.... Read more

    Affected Products : ezbookkeeping
    • Published: Feb. 12, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-57602

    An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.... Read more

    Affected Products : easyappointments
    • Published: Feb. 12, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-57601

    Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.... Read more

    Affected Products : easyappointments
    • Published: Feb. 12, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-56940

    An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads.... Read more

    Affected Products : learndash
    • Published: Feb. 12, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2024-56939

    LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ld-comment-body class.... Read more

    Affected Products : learndash
    • Published: Feb. 12, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-56938

    LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the materials-content class.... Read more

    Affected Products : learndash
    • Published: Feb. 12, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-51440

    An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-51123

    An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote attacker to obtain sensitive information via the /compose-pdf.xhtml?convid=[id] component.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2024-51122

    Cross Site Scripting vulnerability in Zertificon Z1 SecureMail Z1 CertServer v.3.16.4-2516-debian12 alllows a remote attacker to execute arbitrary code via the ST, L, O, OU, CN parameters.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2024-47006

    Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 291783 Results