Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-31083

    A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to ...

    Affected Products : enterprise_linux libssh
    • Published: Apr. 05, 2024
    • Modified: Aug. 04, 2025
  • 7.3

    HIGH
    CVE-2024-31081

    A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particula...

    Affected Products : enterprise_linux libssh
    • Published: Apr. 04, 2024
    • Modified: Aug. 04, 2025
  • 7.3

    HIGH
    CVE-2024-31080

    A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particula...

    Affected Products : enterprise_linux libssh
    • Published: Apr. 04, 2024
    • Modified: Aug. 04, 2025
  • 7.8

    HIGH
    CVE-2024-21886

    A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments....

    Affected Products : enterprise_linux libssh
    • Published: Feb. 28, 2024
    • Modified: Aug. 04, 2025
  • 7.8

    HIGH
    CVE-2024-21885

    A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, whic...

    Affected Products : enterprise_linux libssh
    • Published: Feb. 28, 2024
    • Modified: Aug. 04, 2025
  • 7.8

    HIGH
    CVE-2024-0229

    An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the ...

    • EPSS Score: 0.30%
    • Published: Feb. 09, 2024
    • Modified: Aug. 04, 2025
  • 9.8

    CRITICAL
    CVE-2023-6816

    A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the dev...

    • EPSS Score: 2.43%
    • Published: Jan. 18, 2024
    • Modified: Aug. 04, 2025
  • 7.6

    HIGH
    CVE-2023-6478

    A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information....

    • EPSS Score: 1.02%
    • Published: Dec. 13, 2023
    • Modified: Aug. 04, 2025
  • 7.8

    HIGH
    CVE-2023-5367

    An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty ...

    • EPSS Score: 0.06%
    • Published: Oct. 25, 2023
    • Modified: Aug. 04, 2025
  • 3.7

    LOW
    CVE-2025-30752

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unau...

    Affected Products : jdk jre java_se graalvm_for_jdk
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Denial of Service
  • 8.1

    HIGH
    CVE-2025-30749

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle...

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2025-40686

    Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in /detailview...

    Affected Products : human_resource_management_system
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-40685

    Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in /state.php....

    Affected Products : human_resource_management_system
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-40684

    Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in /country....

    Affected Products : human_resource_management_system
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-40683

    Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php....

    Affected Products : human_resource_management_system
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-40682

    SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint....

    Affected Products : human_resource_management_system
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2018-18748

    Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended f...

    Affected Products : sandboxie sandboxie
    • EPSS Score: 0.80%
    • Published: Oct. 29, 2018
    • Modified: Aug. 04, 2025
  • 4.3

    MEDIUM
    CVE-2025-43228

    The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18.6. Visiting a malicious website may lead to address bar spoofing....

    Affected Products : iphone_os safari ipados
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration
  • 3.5

    LOW
    CVE-2025-37109

    Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product...

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-33028

    In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User intera...

    Affected Products : winzip
    • Published: Apr. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291360 Results