Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2018-8864

    In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger fal... Read more

    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2018-8481

    An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server... Read more

    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2017-0042

    Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive info... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2018-8482

    An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server... Read more

    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-52463

    Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specially crafted URL while being logged in.... Read more

    Affected Products : active\!_mail
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.1

    LOW
    CVE-2023-6068

    On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and som... Read more

    Affected Products : mos
    • Published: Mar. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-0625

    A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possib... Read more

    Affected Products : school_management_software
    • Published: Jan. 22, 2025
    • Modified: Mar. 28, 2025

  • 3.1

    LOW
    CVE-2025-3082

    A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior... Read more

    Affected Products : mongodb
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2023-4579

    Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine.... Read more

    Affected Products : firefox
    • Published: Sep. 11, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2009-3552

    In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterpr... Read more

    Affected Products : enterprise_virtualization_manager
    • Published: Nov. 09, 2019
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-22006

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise ... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2017-10345

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploi... Read more

    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2024-21174

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.23, 21.3-21.14 and 23.4. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privile... Read more

    Affected Products : database_server
    • Published: Jul. 16, 2024
    • Modified: Jun. 18, 2025

  • 3.1

    LOW
    CVE-2024-2032

    A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerabili... Read more

    Affected Products : zenml
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2021-24000

    A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led... Read more

    Affected Products : firefox
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-36241

    Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command... Read more

    Affected Products : mattermost_server mattermost
    • Published: May. 26, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2015-6641

    Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.... Read more

    Affected Products : android
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2024-39458

    When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of se... Read more

    Affected Products :
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2022-41963

    BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their acce... Read more

    Affected Products : bigbluebutton
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2017-3626

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : glassfish_server
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293360 Results