Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2025-4819

    A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authori... Read more

    Affected Products : ruoyi
    • Published: May. 17, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-49198

    The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 12, 2025

  • 3.1

    LOW
    CVE-2020-23587

    A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: %0.09
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 3.1

    LOW
    CVE-2025-48463

    Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tamp... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cryptography

  • 3.1

    LOW
    CVE-2023-21262

    In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation. ... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-32677

    Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and be... Read more

    Affected Products : zulip zulip_server
    • EPSS Score: %0.05
    • Published: May. 19, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-42194

    An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 3.1

    LOW
    CVE-2020-15671

    When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox ... Read more

    Affected Products : firefox
    • EPSS Score: %0.14
    • Published: Oct. 01, 2020
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-22052

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege wit... Read more

    Affected Products : database_server
    • EPSS Score: %0.12
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-38158

    Microsoft Edge (Chromium-based) Information Disclosure Vulnerability... Read more

    Affected Products : edge_chromium
    • EPSS Score: %0.87
    • Published: Aug. 21, 2023
    • Modified: Feb. 28, 2025

  • 3.1

    LOW
    CVE-2022-41963

    BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their acce... Read more

    Affected Products : bigbluebutton
    • EPSS Score: %0.04
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-1399

    Out-of-bounds Read vulnerability in unpack_response (session.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2023-49619

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will o... Read more

    Affected Products : answer
    • EPSS Score: %0.98
    • Published: Jan. 10, 2024
    • Modified: Jun. 11, 2025

  • 3.1

    LOW
    CVE-2025-1083

    A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted do... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025

  • 3.1

    LOW
    CVE-2018-8862

    In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.... Read more

    • EPSS Score: %0.20
    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2017-17282

    SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006... Read more

    • EPSS Score: %0.05
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2017-2739

    The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications.... Read more

    Affected Products : vmall
    • EPSS Score: %0.02
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2024-49755

    Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP acce... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 3.1

    LOW
    CVE-2023-41093

    Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth ... Read more

    • Published: Jul. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2022-4309

    The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack.... Read more

    Affected Products : subscribe2
    • EPSS Score: %0.09
    • Published: Jan. 16, 2023
    • Modified: Apr. 07, 2025
Showing 20 of 291389 Results