Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.1

    LOW
    CVE-2017-2739

    The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications.... Read more

    Affected Products : vmall
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 3.1

    LOW
    CVE-2018-8366

    An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.... Read more

    Affected Products : edge windows_10
    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2016-5561

    Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.... Read more

    Affected Products : solaris
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2025-4656

    Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault... Read more

    Affected Products : vault
    • Published: Jun. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-32787

    SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` do... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-48009

    Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12.... Read more

    Affected Products : single_content_sync
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-50081

    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network... Read more

    Affected Products : mysql mysql_cluster mysql_client
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-46653

    Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only t... Read more

    Affected Products : formidable
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-47279

    Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the appl... Read more

    Affected Products : undici
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-4537

    A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulati... Read more

    Affected Products : ruoyi-vue
    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-8713

    PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables... Read more

    Affected Products : postgresql
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2018-8862

    In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.... Read more

    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-41041

    Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory ... Read more

    Affected Products : graylog
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2022-4309

    The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack.... Read more

    Affected Products : subscribe2
    • Published: Jan. 16, 2023
    • Modified: Apr. 07, 2025

  • 3.1

    LOW
    CVE-2022-44717

    An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. Th... Read more

    Affected Products : ngeniusone
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025

  • 3.1

    LOW
    CVE-2025-1083

    A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted do... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025

  • 3.1

    LOW
    CVE-2025-10014

    A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. Th... Read more

    Affected Products : eladmin
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-40803

    A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The affected device exposes certain non-critical information from the device. This could allow an unauthenticated attacker to access sensitive data, potentially lead... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-58422

    RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-8277

    A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to c... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Denial of Service
Showing 20 of 294533 Results