Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-27443

    Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.... Read more

    • Published: Apr. 08, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 4.6

    MEDIUM
    CVE-2025-27442

    Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.6

    MEDIUM
    CVE-2025-27441

    Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-27085

    Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the ... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-27084

    A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary sc... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-27083

    Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands ... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-27082

    Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and e... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-25227

    Insufficient state checks lead to a vector that allows to bypass 2FA checks.... Read more

    Affected Products : joomla\! joomla
    • Published: Apr. 08, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-25226

    Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch ... Read more

    Affected Products : joomla\! joomla
    • Published: Apr. 08, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2024-52981

    An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.... Read more

    Affected Products : elasticsearch elasticsearch
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-52980

    A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Ela... Read more

    Affected Products : elasticsearch elasticsearch
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-52974

    An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them.... Read more

    Affected Products : kibana
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-48887

    A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request... Read more

    Affected Products : fortiswitch fortiswitch
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-3289

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute ar... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-3288

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor ... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-3287

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute ar... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-3286

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor ... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-3285

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor ... Read more

    Affected Products : arena
    • Published: Apr. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2025-32028

    HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from b... Read more

    Affected Products : hax haxcms-php haxcms-nodejs haxcms-php
    • Published: Apr. 08, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 3.8

    LOW
    CVE-2025-32026

    Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get ... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
Showing 20 of 293412 Results