Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2025-49198

    The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 12, 2025

  • 3.1

    LOW
    CVE-2025-4819

    A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authori... Read more

    Affected Products : ruoyi
    • Published: May. 17, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2019-10397

    Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.... Read more

    Affected Products : aqua_security_severless_scanner
    • Published: Sep. 12, 2019
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2009-3552

    In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterpr... Read more

    Affected Products : enterprise_virtualization_manager
    • Published: Nov. 09, 2019
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2018-0763

    Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0839.... Read more

    Affected Products : edge windows_10
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-3082

    A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior... Read more

    Affected Products : mongodb
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-41423

    Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions ... Read more

    Affected Products : mattermost_server
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-7703

    Authentication vulnerability in the mobile application(tech.palm.id)may lead to the risk of information leakage.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2023-49619

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will o... Read more

    Affected Products : answer
    • Published: Jan. 10, 2024
    • Modified: Jun. 11, 2025

  • 3.1

    LOW
    CVE-2023-42119

    Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. Th... Read more

    Affected Products : exim
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025

  • 3.1

    LOW
    CVE-2025-22601

    Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in t... Read more

    Affected Products : discourse
    • Published: Feb. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-23415

    An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN ... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-52463

    Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specially crafted URL while being logged in.... Read more

    Affected Products : active\!_mail
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.1

    LOW
    CVE-2023-22048

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple p... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2018-10947

    An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.... Read more

    • Published: Jun. 13, 2019
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-22052

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege wit... Read more

    Affected Products : database_server
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2020-11767

    Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s)... Read more

    Affected Products : envoy istio
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2016-7199

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • Published: Nov. 10, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2025-10252

    A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is conside... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2024-2032

    A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerabili... Read more

    Affected Products : zenml
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293923 Results