Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2025-32816

    CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment plan associated with the wrong entity.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-2093

    A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone nu... Read more

    Affected Products : online_library_management_system
    • Published: Mar. 07, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-26479

    Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.... Read more

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: Apr. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-0625

    A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possib... Read more

    Affected Products : school_management_software
    • Published: Jan. 22, 2025
    • Modified: Mar. 28, 2025

  • 3.1

    LOW
    CVE-2025-7703

    Authentication vulnerability in the mobile application(tech.palm.id)may lead to the risk of information leakage.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-3082

    A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior... Read more

    Affected Products : mongodb
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2020-14796

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthentica... Read more

    • Published: Oct. 21, 2020
    • Modified: May. 27, 2025

  • 3.1

    LOW
    CVE-2020-15671

    When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox ... Read more

    Affected Products : firefox
    • Published: Oct. 01, 2020
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2020-15005

    In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user cou... Read more

    Affected Products : fedora debian_linux mediawiki
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-1221

    This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only ... Read more

    • Published: Mar. 14, 2024
    • Modified: Jan. 23, 2025

  • 3.1

    LOW
    CVE-2024-21003

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exp... Read more

    • Published: Apr. 16, 2024
    • Modified: Mar. 29, 2025

  • 3.1

    LOW
    CVE-2016-3276

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2016-7239

    The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Informa... Read more

    Affected Products : edge internet_explorer
    • Published: Nov. 10, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2025-5889

    A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression comple... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2024-39458

    When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of se... Read more

    Affected Products :
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2016-2513

    The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.... Read more

    Affected Products : django
    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2021-24000

    A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led... Read more

    Affected Products : firefox
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2017-3539

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticat... Read more

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2016-3274

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2025-30197

    Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 294299 Results