Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-4341

    Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928.... Read more

    Affected Products : extreme_xds
    • Published: Jul. 08, 2024
    • Modified: Sep. 12, 2025

  • 7.5

    HIGH
    CVE-2024-1662

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before 2.02.... Read more

    Affected Products : powerbank
    • Published: Jun. 05, 2024
    • Modified: Sep. 12, 2025

  • 7.5

    HIGH
    CVE-2024-1272

    Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1.... Read more

    Affected Products : cockpit
    • Published: Jun. 05, 2024
    • Modified: Sep. 12, 2025

  • 4.6

    MEDIUM
    CVE-2024-1153

    Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.... Read more

    Affected Products : travel_apps
    • Published: Jun. 27, 2024
    • Modified: Sep. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-1107

    Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.... Read more

    Affected Products : travel_apps
    • Published: Jun. 27, 2024
    • Modified: Sep. 12, 2025

  • 9.6

    CRITICAL
    CVE-2024-11319

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.... Read more

    Affected Products : django_cms
    • Published: Nov. 18, 2024
    • Modified: Sep. 12, 2025

  • 8.8

    HIGH
    CVE-2024-11142

    Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05.... Read more

    Affected Products : proticaret
    • Published: May. 02, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2023-5989

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute Stored XSS. This issue affects LioXERP: before v.146.... Read more

    Affected Products : lioxerp
    • Published: Dec. 21, 2023
    • Modified: Sep. 12, 2025

  • 7.3

    HIGH
    CVE-2024-31220

    Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the ... Read more

    Affected Products : sunshine
    • Published: Apr. 05, 2024
    • Modified: Sep. 11, 2025

  • 5.9

    MEDIUM
    CVE-2024-31221

    Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paire... Read more

    Affected Products : sunshine
    • Published: Apr. 08, 2024
    • Modified: Sep. 11, 2025

  • 4.9

    MEDIUM
    CVE-2024-31226

    Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\Program.bat`, or ... Read more

    Affected Products : sunshine
    • Published: May. 16, 2024
    • Modified: Sep. 11, 2025

  • 8.1

    HIGH
    CVE-2024-51738

    Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pai... Read more

    Affected Products : sunshine
    • Published: Jan. 20, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-32466

    Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even when API key was missing `translation.view` scope. However, it was impossible to ... Read more

    Affected Products : tolgee
    • Published: Apr. 18, 2024
    • Modified: Sep. 11, 2025

  • 6.5

    MEDIUM
    CVE-2024-32470

    Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and immediately fixed in v3.57.4. ... Read more

    Affected Products : tolgee
    • Published: Apr. 18, 2024
    • Modified: Sep. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-52297

    Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO publicly exposed to users. This vulnerability is fixed in v3.81.2.... Read more

    Affected Products : tolgee
    • Published: Nov. 12, 2024
    • Modified: Sep. 11, 2025

  • 7.9

    HIGH
    CVE-2025-9636

    pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escala... Read more

    Affected Products : pgadmin pgadmin_4
    • Published: Sep. 04, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-21034

    Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21033

    Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-21032

    Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-21029

    Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization
Showing 20 of 294068 Results