Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2017-3490

    Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vu... Read more

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-2603

    Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).... Read more

    Affected Products : jenkins
    • Published: May. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-3264

    Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise S... Read more

    Affected Products : siebel_ui_framework
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-3319

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple p... Read more

    Affected Products : mysql
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-3487

    Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploi... Read more

    Affected Products : flexcube_investor_servicing
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2024-47259

    Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with t... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2017-5190

    NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.... Read more

    Affected Products : access_manager
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2025-47096

    Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, allowing a low impact to the integrity of the component. Exploitation of this issue requires us... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2020-14791

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to comp... Read more

    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-42209

    HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data.... Read more

    Affected Products : connections
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2024-42208

    HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.... Read more

    Affected Products : connections
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2021-2335

    Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Creat... Read more

    Affected Products : database database_server
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-23056

    In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.... Read more

    Affected Products : erpnext erpnext
    • Published: Jun. 22, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-24236

    An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts.... Read more

    Affected Products : aria
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2025-51383

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2024-55416

    DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.... Read more

    Affected Products : voyager
    • Published: Jan. 30, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-46546

    In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx,... Read more

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2025-1524

    The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 17, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-54681

    Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2022-44718

    An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. Th... Read more

    Affected Products : ngeniusone
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025
Showing 20 of 294690 Results