Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2024-26492

    An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.... Read more

    • Published: Mar. 07, 2024
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2024-21114

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 16, 2024
    • Modified: May. 08, 2025

  • 7.3

    HIGH
    CVE-2024-21110

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 16, 2024
    • Modified: May. 08, 2025

  • 6.7

    MEDIUM
    CVE-2024-21107

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wher... Read more

    Affected Products : vm_virtualbox windows
    • Published: Apr. 16, 2024
    • Modified: May. 08, 2025

  • 2.0

    LOW
    CVE-2024-21105

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris exec... Read more

    Affected Products : solaris solaris_operating_system
    • Published: Apr. 16, 2024
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-21099

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with n... Read more

    Affected Products : business_intelligence
    • Published: Apr. 16, 2024
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2024-21076

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP... Read more

    Affected Products : trade_management
    • Published: Apr. 16, 2024
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2024-21074

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Finance LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HT... Read more

    Affected Products : trade_management
    • Published: Apr. 16, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2024-21065

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access... Read more

    • Published: Apr. 16, 2024
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2024-21064

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privilege... Read more

    Affected Products : business_intelligence
    • Published: Apr. 16, 2024
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2024-21063

    Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (component: Benefits Administration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with... Read more

    • Published: Apr. 16, 2024
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2022-42942

    A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in th... Read more

    • EPSS Score: %0.14
    • Published: Oct. 21, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-42233

    Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.... Read more

    Affected Products : 11n_firmware 11n
    • EPSS Score: %86.61
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.2

    HIGH
    CVE-2022-42201

    Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.... Read more

    • EPSS Score: %0.10
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2022-2762

    The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack... Read more

    Affected Products : adminpad
    • EPSS Score: %0.19
    • Published: Oct. 25, 2022
    • Modified: May. 08, 2025

  • 9.9

    CRITICAL
    CVE-2024-25909

    Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. ... Read more

    Affected Products : wp_media_folder
    • Published: Feb. 26, 2024
    • Modified: May. 08, 2025

  • 8.8

    HIGH
    CVE-2024-24310

    In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection.... Read more

    • Published: Feb. 23, 2024
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2024-24309

    In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction.... Read more

    Affected Products : survey_tma
    • Published: Feb. 23, 2024
    • Modified: May. 08, 2025

  • 6.3

    MEDIUM
    CVE-2024-22220

    An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder an... Read more

    Affected Products : terminalfour formbank
    • Published: Feb. 21, 2024
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2020-17386

    Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.... Read more

    Affected Products : cellos
    • EPSS Score: %0.33
    • Published: Aug. 25, 2020
    • Modified: May. 08, 2025
Showing 20 of 291647 Results