Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2020-23587

    A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 3.1

    LOW
    CVE-2024-20925

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exp... Read more

    Affected Products : jdk jre graalvm
    • Published: Feb. 17, 2024
    • Modified: Dec. 09, 2024

  • 3.1

    LOW
    CVE-2024-22047

    A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user. ... Read more

    Affected Products : audited
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-21231

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker wit... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 3.1

    LOW
    CVE-2024-21848

    Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Apr. 05, 2024
    • Modified: Dec. 13, 2024

  • 3.1

    LOW
    CVE-2020-3894

    A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restrict... Read more

    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-5889

    A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression comple... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-49112

    setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.... Read more

    Affected Products : redis
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2016-4583

    WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.... Read more

    Affected Products : iphone_os tvos safari webkitgtk\+ webkit
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2016-7204

    Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."... Read more

    Affected Products : edge
    • Published: Nov. 10, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2024-39458

    When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of se... Read more

    Affected Products :
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2016-5166

    The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote atta... Read more

    Affected Products : leap chrome
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2018-3139

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthe... Read more

    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-10287

    A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the argument orderNo leads to direct request. The attack may... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.1

    LOW
    CVE-2024-21174

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.23, 21.3-21.14 and 23.4. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privile... Read more

    Affected Products : database_server
    • Published: Jul. 16, 2024
    • Modified: Jun. 18, 2025

  • 3.1

    LOW
    CVE-2024-39919

    @jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the us... Read more

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-25637

    October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be ex... Read more

    Affected Products : october
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-49198

    The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 12, 2025

  • 3.1

    LOW
    CVE-2025-7882

    A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication att... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-6107

    A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch ... Read more

    Affected Products :
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293639 Results