Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-53303

    A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-3739

    Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*.... Read more

    • Published: Apr. 16, 2025
    • Modified: Jun. 18, 2025

  • 5.9

    MEDIUM
    CVE-2025-3738

    Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*.... Read more

    Affected Products : google_optimize
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3737

    Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*.... Read more

    Affected Products : _store_locator_project
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3736

    Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*.... Read more

    Affected Products : simple_gtm
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3735

    Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*.... Read more

    Affected Products : panelizer_\(obsolete\)
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3734

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Stage File Proxy allows Flooding.This issue affects Stage File Proxy: from 0.0.0 before 3.1.5.... Read more

    Affected Products : stage_file_proxy
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-3733

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.... Read more

    Affected Products : baguettebox.js
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-2564

    Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archive... Read more

    Affected Products : mattermost_server
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-20236

    A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. T... Read more

    Affected Products : webex_teams
    • Published: Apr. 16, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2024-40074

    Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-40073

    Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-40072

    Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-40071

    Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP f... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2024-40070

    Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-40069

    Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2024-40068

    Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-22314

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cryptography

  • 7.2

    HIGH
    CVE-2025-20178

    A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This... Read more

    Affected Products : secure_network_analytics
    • Published: Apr. 16, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-20150

    A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability b... Read more

    Affected Products : nexus_dashboard
    • Published: Apr. 16, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication
Showing 20 of 293542 Results