Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-53032

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to... Read more

    Affected Products : mysql_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-53031

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.8, 8.0.8.5, 8.0.8.6, 8.1.1.4 and 8.1.2.5. Easil... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-50108

    Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Workspace). The supported version that is affected is 11.2.20.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via ... Read more

    Affected Products : hyperion_financial_reporting
    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-50107

    Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Request handling). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network acce... Read more

    Affected Products : universal_work_queue
    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-50105

    Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with n... Read more

    Affected Products : universal_work_queue
    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-50073

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker ... Read more

    Affected Products : weblogic_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 4.0

    MEDIUM
    CVE-2025-50072

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logo... Read more

    Affected Products : weblogic_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2024-54027

    A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attack... Read more

    Affected Products : fortisandbox
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2021-32584

    An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certa... Read more

    Affected Products : fortiwlc
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2021-26087

    An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in the sa... Read more

    Affected Products : fortiwlc
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2021-22126

    A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U... Read more

    Affected Products : fortiwlc
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 5.0

    MEDIUM
    CVE-2020-29010

    An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get... Read more

    Affected Products : fortios
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2019-6697

    An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the Fort... Read more

    Affected Products : fortios
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2019-15706

    An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, version 5.6.12 may allow a remote authenticated attacke... Read more

    Affected Products : fortios fortiproxy
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55594

    An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2022-29059

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands ... Read more

    Affected Products : fortiweb
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-26006

    An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and... Read more

    Affected Products : fortios fortiproxy
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2024-33504

    A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permission... Read more

    Affected Products : fortimanager fortimanager_cloud
    • Published: Feb. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cryptography

  • 6.7

    MEDIUM
    CVE-2024-21758

    A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protection... Read more

    Affected Products : fortiweb
    • Published: Jan. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-22256

    A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted H... Read more

    Affected Products : fortipam fortisra
    • Published: Jun. 10, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization
Showing 20 of 292095 Results