Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2025-50069

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with ... Read more

    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2025-50065

    Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network ac... Read more

    Affected Products : graalvm_for_jdk
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-50063

    Vulnerability in Oracle Java SE (component: Install). The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to comp... Read more

    Affected Products : jdk jre java_se
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-50059

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracl... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-30754

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Orac... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-20701

    In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2024-9632

    A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escal... Read more

    • Published: Oct. 30, 2024
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2024-31083

    A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to ... Read more

    Affected Products : enterprise_linux libssh
    • Published: Apr. 05, 2024
    • Modified: Aug. 04, 2025

  • 7.3

    HIGH
    CVE-2024-31081

    A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particula... Read more

    Affected Products : enterprise_linux libssh
    • Published: Apr. 04, 2024
    • Modified: Aug. 04, 2025

  • 7.3

    HIGH
    CVE-2024-31080

    A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particula... Read more

    Affected Products : enterprise_linux libssh
    • Published: Apr. 04, 2024
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2024-21886

    A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.... Read more

    Affected Products : enterprise_linux libssh
    • Published: Feb. 28, 2024
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2024-21885

    A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, whic... Read more

    Affected Products : enterprise_linux libssh
    • Published: Feb. 28, 2024
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2024-0229

    An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the ... Read more

    • EPSS Score: %0.30
    • Published: Feb. 09, 2024
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-6816

    A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the dev... Read more

    • EPSS Score: %2.43
    • Published: Jan. 18, 2024
    • Modified: Aug. 04, 2025

  • 7.6

    HIGH
    CVE-2023-6478

    A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.... Read more

    • EPSS Score: %1.02
    • Published: Dec. 13, 2023
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2023-5367

    A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty ... Read more

    • EPSS Score: %0.06
    • Published: Oct. 25, 2023
    • Modified: Aug. 04, 2025

  • 3.7

    LOW
    CVE-2025-30752

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unau... Read more

    Affected Products : jdk jre java_se graalvm_for_jdk
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-30749

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-40686

    Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in/detailview... Read more

    Affected Products : human_resource_management_system
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-40685

    Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state.php.... Read more

    Affected Products : human_resource_management_system
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291385 Results