Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2025-8713

    PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables... Read more

    Affected Products : postgresql
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-4656

    Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault... Read more

    Affected Products : vault
    • Published: Jun. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-1180

    A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to ini... Read more

    Affected Products : binutils
    • Published: Feb. 11, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-4537

    A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulati... Read more

    Affected Products : ruoyi-vue
    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-48009

    Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12.... Read more

    Affected Products : single_content_sync
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2022-30629

    Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.... Read more

    Affected Products : go
    • EPSS Score: %0.07
    • Published: Aug. 10, 2022
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2021-24000

    A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led... Read more

    Affected Products : firefox
    • EPSS Score: %0.23
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2016-7239

    The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Informa... Read more

    Affected Products : edge internet_explorer
    • EPSS Score: %13.53
    • Published: Nov. 10, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2024-50345

    symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can tr... Read more

    Affected Products : symfony
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 3.1

    LOW
    CVE-2024-50343

    symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of ve... Read more

    Affected Products : symfony
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 3.1

    LOW
    CVE-2024-50342

    symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host res... Read more

    Affected Products : symfony
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 3.1

    LOW
    CVE-2024-21005

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exp... Read more

    • Published: Apr. 16, 2024
    • Modified: Dec. 05, 2024

  • 3.1

    LOW
    CVE-2024-21231

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker wit... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 3.1

    LOW
    CVE-2024-21003

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exp... Read more

    • Published: Apr. 16, 2024
    • Modified: Mar. 29, 2025

  • 3.1

    LOW
    CVE-2024-39458

    When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of se... Read more

    Affected Products :
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2019-2422

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with... Read more

    • EPSS Score: %0.11
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-8042

    Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an emp... Read more

    Affected Products : insight_platform
    • Published: Sep. 09, 2024
    • Modified: Sep. 17, 2024

  • 3.1

    LOW
    CVE-2023-41041

    Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory ... Read more

    Affected Products : graylog
    • EPSS Score: %0.22
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-3584

    Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override s... Read more

    Affected Products : mattermost_server mattermost
    • EPSS Score: %0.12
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2018-8481

    An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server... Read more

    • EPSS Score: %2.46
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292228 Results