Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2025-23363

    A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V... Read more

    Affected Products : teamcenter
    • Published: Feb. 11, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 4.9

    MEDIUM
    CVE-2025-0862

    The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes i... Read more

    Affected Products : supersaas
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-0526

    In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.... Read more

    Affected Products : windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-0513

    In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.0

    MEDIUM
    CVE-2024-54090

    A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain an out-of-bounds read in the memory dump function. This co... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2024-54089

    A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. Thi... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2024-54015

    A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 6.7

    MEDIUM
    CVE-2024-53977

    A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This c... Read more

    Affected Products : modelsim questa
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2024-53651

    A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 ... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Information Disclosure

  • 7.0

    HIGH
    CVE-2024-53648

    A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versio... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-45386

    A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA ... Read more

    Affected Products : tia_administrator
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2024-23814

    The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker ... Read more

    • Published: Feb. 11, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2024-13506

    The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all versions up to, and including, 2.8.97 due to insufficient inp... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2023-37482

    The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.... Read more

    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-26411

    An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid u... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-26410

    The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell ... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-26409

    A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shel... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Mar. 17, 2025

  • 6.1

    MEDIUM
    CVE-2025-26408

    The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmwa... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-0525

    In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-1182

    A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch... Read more

    Affected Products : binutils
    • Published: Feb. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291647 Results