Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-28388

    SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method.... Read more

    Affected Products : product_comments
    • Published: Mar. 14, 2024
    • Modified: Sep. 18, 2025

  • 7.5

    HIGH
    CVE-2022-46070

    GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path.... Read more

    Affected Products : gv-asmanager
    • Published: Mar. 11, 2024
    • Modified: Sep. 18, 2025

  • 8.8

    HIGH
    CVE-2024-25501

    An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter.... Read more

    Affected Products : winmail winmail
    • Published: Mar. 09, 2024
    • Modified: Sep. 18, 2025

  • 7.5

    HIGH
    CVE-2023-47415

    Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter.... Read more

    Affected Products : ctm-200_firmware ctm-200
    • Published: Mar. 07, 2024
    • Modified: Sep. 18, 2025

  • 8.8

    HIGH
    CVE-2024-2216

    A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided ... Read more

    Affected Products : docker docker-build-step
    • Published: Mar. 06, 2024
    • Modified: Sep. 18, 2025

  • 6.1

    MEDIUM
    CVE-2024-2215

    A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters... Read more

    Affected Products : docker-build-step
    • Published: Mar. 06, 2024
    • Modified: Sep. 18, 2025

  • 6.3

    MEDIUM
    CVE-2024-28152

    In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write acc... Read more

    Affected Products : bitbucket_branch_source
    • Published: Mar. 06, 2024
    • Modified: Sep. 18, 2025

  • 7.5

    HIGH
    CVE-2024-25398

    In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service.... Read more

    Affected Products : srelay
    • Published: Feb. 27, 2024
    • Modified: Sep. 18, 2025

  • 7.5

    HIGH
    CVE-2024-27356

    An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, A... Read more

    • Published: Feb. 27, 2024
    • Modified: Sep. 18, 2025

  • 5.3

    MEDIUM
    CVE-2024-24720

    An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system.... Read more

    Affected Products : innovaphone_pbx
    • Published: Feb. 27, 2024
    • Modified: Sep. 18, 2025

  • 6.5

    MEDIUM
    CVE-2024-24721

    An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel... Read more

    Affected Products : innovaphone_pbx
    • Published: Feb. 27, 2024
    • Modified: Sep. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-25247

    SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters.... Read more

    Affected Products : b2b2c_multi-business
    • Published: Feb. 26, 2024
    • Modified: Sep. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-58352

    Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. Th... Read more

    Affected Products : weblate
    • Published: Sep. 05, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-1899

    An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions. ... Read more

    Affected Products : showdown
    • Published: Feb. 26, 2024
    • Modified: Sep. 18, 2025

  • 9.1

    CRITICAL
    CVE-2024-27456

    rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.... Read more

    Affected Products : rack-cors rack_cors_middleware
    • Published: Feb. 26, 2024
    • Modified: Sep. 18, 2025

  • 7.5

    HIGH
    CVE-2024-27454

    orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.... Read more

    Affected Products : orjson
    • Published: Feb. 26, 2024
    • Modified: Sep. 18, 2025

  • 5.9

    MEDIUM
    CVE-2024-27350

    Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible af... Read more

    Affected Products : fire_os
    • Published: Feb. 26, 2024
    • Modified: Sep. 18, 2025

  • 7.2

    HIGH
    CVE-2024-24386

    An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.... Read more

    Affected Products : vitalpbx
    • Published: Feb. 15, 2024
    • Modified: Sep. 18, 2025

  • 5.9

    MEDIUM
    CVE-2024-24256

    SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position directory.... Read more

    Affected Products : yonyou
    • Published: Feb. 15, 2024
    • Modified: Sep. 18, 2025

  • 9.0

    CRITICAL
    CVE-2025-8904

    Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Use... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 294694 Results