Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2021-24000

    A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led... Read more

    Affected Products : firefox
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2022-29147

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jun. 29, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-10043

    An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title thr... Read more

    Affected Products : gitlab
    • Published: Dec. 12, 2024
    • Modified: Jul. 11, 2025

  • 3.1

    LOW
    CVE-2019-2422

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with... Read more

    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2019-2493

    Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Supported versions that are affected are 9.0 and 9.2. Difficult to exploit vulnerability allows unauthenticated attacker wit... Read more

    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2018-0878

    Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an infor... Read more

    • Published: Mar. 14, 2018
    • Modified: Apr. 04, 2025

  • 3.1

    LOW
    CVE-2025-26479

    Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.... Read more

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: Apr. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-6107

    A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch ... Read more

    Affected Products :
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-23415

    An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN ... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-22601

    Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in t... Read more

    Affected Products : discourse
    • Published: Feb. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2024-21231

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker wit... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 3.1

    LOW
    CVE-2020-23587

    A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 3.1

    LOW
    CVE-2024-21005

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exp... Read more

    • Published: Apr. 16, 2024
    • Modified: Dec. 05, 2024

  • 3.1

    LOW
    CVE-2024-22047

    A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user. ... Read more

    Affected Products : audited
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-20925

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exp... Read more

    Affected Products : jdk jre graalvm
    • Published: Feb. 17, 2024
    • Modified: Dec. 09, 2024

  • 3.1

    LOW
    CVE-2017-0042

    Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive info... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2018-3139

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthe... Read more

    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2010-3506

    Unspecified vulnerability in the Oracle Explorer (Sun Explorer) component in Oracle Sun Products Suite 6.4 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : sun_products_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.0

    LOW
    CVE-2010-2374

    Unspecified vulnerability in Solaris Studio 12 update 1 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : solaris_studio
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.0

    LOW
    CVE-2025-53018

    Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery (SSRF) vulnerability exists in the `/api/v2/Photo::fromUrl` endpoint. This flaw lets an attacker instruct the application’s backend to mak... Read more

    Affected Products : lychee
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 293680 Results