Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-24419

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability t... Read more

    Affected Products : commerce commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-24418

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to byp... Read more

    Affected Products : commerce
    • Published: Feb. 11, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-24417

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form ... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-24416

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form ... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-24415

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form ... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-24414

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form ... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-24413

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form ... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-24412

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form ... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-24411

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability ... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-24410

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form ... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-24409

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass sec... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-24408

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitiv... Read more

    Affected Products : magento commerce
    • Published: Feb. 11, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-24407

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability t... Read more

    Affected Products : commerce commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-24406

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unau... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-24042

    Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability... Read more

    Affected Products : visual_studio_code vscode-js-debug
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-24039

    Visual Studio Code Elevation of Privilege Vulnerability... Read more

    Affected Products : visual_studio_code
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 7.0

    HIGH
    CVE-2025-24036

    Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability... Read more

    Affected Products : autoupdate
    • Published: Feb. 11, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-21420

    Windows Disk Cleanup Tool Elevation of Privilege Vulnerability... Read more

    • Published: Feb. 11, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-21419

    Windows Setup Files Cleanup Elevation of Privilege Vulnerability... Read more

    • Published: Feb. 11, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-21418

    Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability... Read more

    • Actively Exploited
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 291618 Results