Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2025-0625

    A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possib... Read more

    Affected Products : school_management_software
    • Published: Jan. 22, 2025
    • Modified: Mar. 28, 2025

  • 3.1

    LOW
    CVE-2025-7882

    A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication att... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-1149

    A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remo... Read more

    Affected Products : binutils
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2024-20925

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exp... Read more

    Affected Products : jdk jre graalvm
    • Published: Feb. 17, 2024
    • Modified: Dec. 09, 2024

  • 3.1

    LOW
    CVE-2024-21848

    Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Apr. 05, 2024
    • Modified: Dec. 13, 2024

  • 3.1

    LOW
    CVE-2021-35588

    Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vuln... Read more

    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-1400

    Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-4656

    Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault... Read more

    Affected Products : vault
    • Published: Jun. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-32787

    SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` do... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-4537

    A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulati... Read more

    Affected Products : ruoyi-vue
    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-46653

    Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only t... Read more

    Affected Products : formidable
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-50081

    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network... Read more

    Affected Products : mysql mysql_cluster mysql_client
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2016-5166

    The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote atta... Read more

    Affected Products : leap chrome
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2016-4583

    WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.... Read more

    Affected Products : iphone_os tvos safari webkitgtk\+ webkit
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2020-3894

    A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restrict... Read more

    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-2032

    A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerabili... Read more

    Affected Products : zenml
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-7598

    A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined... Read more

    Affected Products : kube-apiserver
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2016-3276

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2016-5561

    Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.... Read more

    Affected Products : solaris
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2025-10080

    A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to us... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cryptography
Showing 20 of 293947 Results