Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2024-8042

    Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an emp... Read more

    Affected Products : insight_platform
    • Published: Sep. 09, 2024
    • Modified: Sep. 17, 2024

  • 3.1

    LOW
    CVE-2017-10193

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticat... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2023-2010

    The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.... Read more

    Affected Products : forminator
    • Published: Jul. 04, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-8713

    PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables... Read more

    Affected Products : postgresql
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2024-41945

    fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the `fund... Read more

    Affected Products :
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-46824

    The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit e... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2023-41093

    Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth ... Read more

    • Published: Jul. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-6524

    A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack t... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-10080

    A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to us... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cryptography

  • 3.1

    LOW
    CVE-2024-42194

    An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 3.1

    LOW
    CVE-2024-53701

    Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen ... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 3.1

    LOW
    CVE-2025-49731

    Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : teams
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2024-10527

    The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with S... Read more

    Affected Products : spacer
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2024-41980

    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communica... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cryptography

  • 3.1

    LOW
    CVE-2018-2790

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthent... Read more

    • Published: Apr. 19, 2018
    • Modified: May. 06, 2025

  • 3.1

    LOW
    CVE-2024-13293

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2.... Read more

    Affected Products : post_file
    • Published: Jan. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.1

    LOW
    CVE-2019-2945

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthentic... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2020-15005

    In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user cou... Read more

    Affected Products : fedora debian_linux mediawiki
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2017-15352

    Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C0... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-34414

    The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locati... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 19, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293259 Results