Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2009-3552

    In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterpr... Read more

    Affected Products : enterprise_virtualization_manager
    • Published: Nov. 09, 2019
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2018-0878

    Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an infor... Read more

    • Published: Mar. 14, 2018
    • Modified: Apr. 04, 2025

  • 3.1

    LOW
    CVE-2018-3139

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthe... Read more

    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-50081

    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network... Read more

    Affected Products : mysql mysql_cluster mysql_client
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-48009

    Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12.... Read more

    Affected Products : single_content_sync
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-4537

    A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulati... Read more

    Affected Products : ruoyi-vue
    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2024-51472

    IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensiti... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Jan. 06, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-4656

    Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault... Read more

    Affected Products : vault
    • Published: Jun. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-8751

    A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. It has been classified as problematic. This affects an unknown part of the component Block Page. The manipulation of the argument Category leads to cross site scriptin... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2020-14798

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthentica... Read more

    • Published: Oct. 21, 2020
    • Modified: May. 27, 2025

  • 3.1

    LOW
    CVE-2017-10193

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticat... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2025-10014

    A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. Th... Read more

    Affected Products : eladmin
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2016-3325

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • Published: Sep. 14, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2017-17282

    SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006... Read more

    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-3932

    A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The compl... Read more

    Affected Products :
    • Published: Apr. 18, 2024
    • Modified: Jun. 11, 2025

  • 3.1

    LOW
    CVE-2022-44717

    An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. Th... Read more

    Affected Products : ngeniusone
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025

  • 3.1

    LOW
    CVE-2022-4309

    The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack.... Read more

    Affected Products : subscribe2
    • Published: Jan. 16, 2023
    • Modified: Apr. 07, 2025

  • 3.1

    LOW
    CVE-2025-5031

    A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2024-53701

    Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen ... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 3.1

    LOW
    CVE-2025-1412

    Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication
Showing 20 of 292797 Results