Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2022-21538

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multi... Read more

    • EPSS Score: %0.15
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2020-11767

    Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s)... Read more

    Affected Products : envoy istio
    • EPSS Score: %0.09
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-28344

    An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL.... Read more

    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 3.1

    LOW
    CVE-2024-21848

    Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Apr. 05, 2024
    • Modified: Dec. 13, 2024

  • 3.1

    LOW
    CVE-2022-36117

    An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access co... Read more

    Affected Products : blue_prism
    • EPSS Score: %0.53
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-26979

    Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication.... Read more

    Affected Products : bluetensq
    • EPSS Score: %0.03
    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-32677

    Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and be... Read more

    Affected Products : zulip zulip_server
    • EPSS Score: %0.05
    • Published: May. 19, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-46824

    The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit e... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-6524

    A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack t... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2024-11126

    A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity ... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 12, 2024

  • 3.1

    LOW
    CVE-2022-4102

    The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to... Read more

    Affected Products : royal_elementor_addons
    • EPSS Score: %0.08
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 3.1

    LOW
    CVE-2023-21262

    In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation. ... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2024-20910

    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracl... Read more

    Affected Products : audit_vault_and_database_firewall
    • EPSS Score: %0.29
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 3.0

    LOW
    CVE-2014-0361

    The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via uns... Read more

    • EPSS Score: %0.06
    • Published: Apr. 21, 2014
    • Modified: Apr. 12, 2025

  • 3.0

    LOW
    CVE-2021-25743

    kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.... Read more

    Affected Products : kubernetes
    • EPSS Score: %0.31
    • Published: Jan. 07, 2022
    • Modified: Aug. 22, 2025

  • 3.0

    LOW
    CVE-2025-31363

    Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performin... Read more

    Affected Products : mattermost_server
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.0

    LOW
    CVE-2024-24901

    Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.... Read more

    Affected Products : powerscale_onefs
    • Published: Mar. 04, 2024
    • Modified: Jan. 08, 2025

  • 3.0

    LOW
    CVE-2010-3506

    Unspecified vulnerability in the Oracle Explorer (Sun Explorer) component in Oracle Sun Products Suite 6.4 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : sun_products_suite
    • EPSS Score: %0.12
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.0

    LOW
    CVE-2009-1981

    Unspecified vulnerability in the Highly Interactive Client component in Siebel Product Suite 7.5.3, 7.7.2, 7.8.2, 8.0.0.5, and 8.1.0 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : siebel_enterprise_suite
    • EPSS Score: %0.09
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 3.0

    LOW
    CVE-2024-21257

    Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical c... Read more

    Affected Products : hyperion_bi\+
    • Published: Oct. 15, 2024
    • Modified: Nov. 06, 2024
Showing 20 of 291830 Results