Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2025-48939

    tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual <script> element. If an atta... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2021-43017

    Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of se... Read more

    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2022-21930

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2019-2959

    Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP ... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-41965

    Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new ... Read more

    Affected Products : vim
    • Published: Aug. 01, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2018-12332

    Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.... Read more

    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-10575

    An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.... Read more

    Affected Products : janus
    • Published: Mar. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-1540

    An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone inter... Read more

    Affected Products : gitlab
    • Published: Mar. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2024-21066

    Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the in... Read more

    Affected Products : database_server database_-_rdbms
    • Published: Apr. 16, 2024
    • Modified: Jun. 18, 2025

  • 4.2

    MEDIUM
    CVE-2023-42934

    An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 20, 2025

  • 4.2

    MEDIUM
    CVE-2017-13679

    A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a spe... Read more

    Affected Products : encryption_desktop
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2023-42757

    Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. This can occur throug... Read more

    Affected Products :
    • Published: May. 07, 2024
    • Modified: Mar. 26, 2025

  • 4.2

    MEDIUM
    CVE-2018-8435

    A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.... Read more

    Affected Products : windows_10 windows_server_2016
    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2022-21439

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris e... Read more

    Affected Products : solaris solaris
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-3793

    The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bp_force_password_ajax' function in all ver... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2025-46675

    In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.... Read more

    Affected Products : cryptolib
    • Published: Apr. 27, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cryptography

  • 4.2

    MEDIUM
    CVE-2024-56998

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.... Read more

    • Published: Jan. 21, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2025-22834

    AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity,... Read more

    Affected Products : aptio_v
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2024-56997

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.... Read more

    Affected Products : hospital_management_system
    • Published: Jan. 21, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2024-36036

    Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 27, 2024
    • Modified: May. 16, 2025
Showing 20 of 293646 Results