Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-42051

    The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg....

    Affected Products : streamer
    • Published: Jul. 28, 2024
    • Modified: Sep. 03, 2025
  • 7.8

    HIGH
    CVE-2024-42053

    The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder....

    Affected Products : streamer
    • Published: Jul. 28, 2024
    • Modified: Sep. 03, 2025
  • 5.3

    MEDIUM
    CVE-2024-45165

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both static and ...

    Affected Products : idol2
    • Published: Aug. 22, 2024
    • Modified: Sep. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-45166

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (D...

    Affected Products : idol2
    • Published: Aug. 22, 2024
    • Modified: Sep. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-45167

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (D...

    Affected Products : idol2
    • Published: Aug. 22, 2024
    • Modified: Sep. 03, 2025
  • 9.1

    CRITICAL
    CVE-2024-45168

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable....

    Affected Products : idol2
    • Published: Aug. 22, 2024
    • Modified: Sep. 03, 2025
  • 4.3

    MEDIUM
    CVE-2024-43031

    autMan v2.9.6 was discovered to contain an access control issue....

    Affected Products : autman
    • Published: Aug. 23, 2024
    • Modified: Sep. 03, 2025
  • 4.3

    MEDIUM
    CVE-2024-43032

    autMan v2.9.6 allows attackers to bypass authentication via a crafted web request....

    Affected Products : autman
    • Published: Aug. 23, 2024
    • Modified: Sep. 03, 2025
  • 7.5

    HIGH
    CVE-2022-34661

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < ...

    Affected Products : teamcenter
    • Published: Aug. 10, 2022
    • Modified: Sep. 03, 2025
  • 9.8

    CRITICAL
    CVE-2022-2460

    The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users...

    Affected Products : wpdating
    • Published: Aug. 08, 2022
    • Modified: Sep. 03, 2025
  • 7.1

    HIGH
    CVE-2022-20358

    In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User inter...

    Affected Products : android
    • Published: Aug. 10, 2022
    • Modified: Sep. 03, 2025
  • 6.1

    MEDIUM
    CVE-2024-39097

    There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path....

    Affected Products : gnuboard
    • Published: Aug. 26, 2024
    • Modified: Sep. 03, 2025
  • 4.9

    MEDIUM
    CVE-2024-51991

    October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sanitize SVG files...

    Affected Products : october
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration
  • 7.2

    HIGH
    CVE-2025-46340

    Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in `UrlPreviewService` and `MkUrlPreview`, it is possible for an attacker to inject arbit...

    Affected Products : misskey
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-46553

    @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, i...

    Affected Products : misskey
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-46559

    Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. T...

    Affected Products : misskey
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
  • 6.8

    MEDIUM
    CVE-2025-46730

    MobSF is a mobile application security testing tool. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal ...

    Affected Products : mobile_security_framework
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Denial of Service
  • 7.3

    HIGH
    CVE-2025-46731

    Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contain a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and `ALLOW_ADMI...

    Affected Products : craft_cms
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2025-46736

    Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. The issue is patched in versions ...

    Affected Products : umbraco_cms
    • Published: May. 06, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2025-46821

    Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing th...

    Affected Products : envoy
    • Published: May. 07, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization