Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2020-23587

    A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 3.1

    LOW
    CVE-2023-23395

    Microsoft SharePoint Server Spoofing Vulnerability... Read more

    • Published: Mar. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-30197

    Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2017-11833

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin re... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2017-17282

    SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006... Read more

    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-55070

    A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.... Read more

    Affected Products : mealie
    • Published: Mar. 27, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2017-3626

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : glassfish_server
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2024-51744

    golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired ... Read more

    Affected Products :
    • Published: Nov. 04, 2024
    • Modified: Nov. 05, 2024

  • 3.1

    LOW
    CVE-2025-42914

    Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the i... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2024-51472

    IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensiti... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Jan. 06, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-58422

    RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-8277

    A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to c... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-42913

    Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the i... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-40803

    A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The affected device exposes certain non-critical information from the device. This could allow an unauthenticated attacker to access sensitive data, potentially lead... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-3637

    A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_d... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-40802

    A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The affected device may be susceptible to resource exhaustion when subjected to high volumes of query requests. This could allow an attacker to cause a temporary de... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-3329

    A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmi... Read more

    Affected Products : comanda_mobile
    • Published: Apr. 07, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cryptography

  • 3.1

    LOW
    CVE-2025-32787

    SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` do... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-24839

    Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activate_ai override propert... Read more

    Affected Products : mattermost_server
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2017-10193

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticat... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294299 Results