Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2025-0466

    The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information....

    Affected Products : sensei_lms
    • Published: Feb. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure
  • 4.8

    MEDIUM
    CVE-2024-8983

    Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...

    Affected Products : custom_twitter_feeds
    • Published: Oct. 08, 2024
    • Modified: Aug. 27, 2025
  • 5.3

    MEDIUM
    CVE-2024-4665

    The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce....

    Affected Products : eventprime
    • Published: May. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 4.4

    MEDIUM
    CVE-2012-0216

    The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local...

    Affected Products : debian_linux apache2
    • EPSS Score: 0.05%
    • Published: Apr. 22, 2012
    • Modified: Aug. 27, 2025
  • 8.2

    HIGH
    CVE-2025-41450

    Improper Authentication vulnerability in Danfoss AKSM8xxA Series. This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2...

    Affected Products :
    • Published: May. 08, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 9.1

    CRITICAL
    CVE-2025-3755

    Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service ...

    • Published: May. 29, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-9028

    A flaw has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /adphar.php. Executing manipulation of the argument phuname can lead to sql injection. The attack can be launched remotely. The exploit h...

    Affected Products : online_medicine_guide
    • Published: Aug. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2023-32242

    Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme. This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36....

    Affected Products : woodmart
    • EPSS Score: 0.74%
    • Published: Dec. 21, 2023
    • Modified: Aug. 27, 2025
  • 8.2

    HIGH
    CVE-2025-31478

    Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email a...

    Affected Products : zulip zulip_server
    • Published: Apr. 16, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 6.7

    MEDIUM
    CVE-2025-48443

    Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administr...

    Affected Products : password_manager
    • Published: Jun. 17, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 9.0

    CRITICAL
    CVE-2025-47933

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the re...

    Affected Products : argo-cd argo_cd
    • Published: May. 29, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-47930

    Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel...

    Affected Products : zulip zulip_server
    • Published: May. 16, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 6.9

    MEDIUM
    CVE-2024-56136

    Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclosure attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user c...

    Affected Products : zulip zulip_server
    • Published: Jan. 16, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2025-24356

    fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by...

    Affected Products : fastd
    • Published: Jan. 27, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Denial of Service
  • 5.4

    MEDIUM
    CVE-2025-24892

    OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not proper...

    Affected Products : openproject
    • Published: Feb. 10, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.6

    MEDIUM
    CVE-2025-27149

    Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integra...

    Affected Products : zulip zulip_server
    • Published: Mar. 31, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure
  • 2.7

    LOW
    CVE-2025-30368

    Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefor...

    Affected Products : zulip zulip_server
    • Published: Mar. 31, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 2.7

    LOW
    CVE-2025-30369

    Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the ...

    Affected Products : zulip zulip_server
    • Published: Mar. 31, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 5.0

    MEDIUM
    CVE-2024-43090

    In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation....

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Aug. 26, 2025
  • 6.8

    MEDIUM
    CVE-2024-0032

    In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for ...

    Affected Products : android
    • EPSS Score: 0.02%
    • Published: Feb. 16, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 292228 Results