Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.4

    MEDIUM
    CVE-2025-53933

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_enfermidade.php` endpoint of the WeGIA application prior to version...

    Affected Products : wegia
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2025-53932

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_adotante.php` endpoint of the WeGIA application prior to version ...

    Affected Products : wegia
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2025-53931

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_raca.php` endpoint of the WeGIA application prior to version 3.4.5....

    Affected Products : wegia
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.5

    HIGH
    CVE-2024-6286

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows...

    Affected Products : workspace
    • Published: Jul. 10, 2024
    • Modified: Jul. 25, 2025
  • 6.1

    MEDIUM
    CVE-2024-13325

    The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    Affected Products : glossy
    • Published: Feb. 04, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.9

    MEDIUM
    CVE-2025-30086

    CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user t...

    Affected Products : harbor
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure
  • 6.1

    MEDIUM
    CVE-2025-30756

    Vulnerability in Oracle REST Data Services (component: General). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Su...

    Affected Products : rest_data_services
    • Published: Jul. 15, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-30753

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with netwo...

    Affected Products : weblogic_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Denial of Service
  • 4.8

    MEDIUM
    CVE-2024-6150

    A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning...

    Affected Products : provisioning
    • Published: Jul. 10, 2024
    • Modified: Jul. 25, 2025
  • 6.1

    MEDIUM
    CVE-2025-30748

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with net...

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Jul. 15, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-30747

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with net...

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Jul. 15, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication
  • 8.1

    HIGH
    CVE-2025-30744

    Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Multiplatform Sync Errors). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with netw...

    Affected Products : mobile_field_service
    • Published: Jul. 15, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2025-30746

    Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to co...

    Affected Products : istore
    • Published: Jul. 15, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2024-51770

    An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17....

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2024-51769

    An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17....

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure
  • 8.0

    HIGH
    CVE-2024-51768

    An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17....

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
  • 7.3

    HIGH
    CVE-2024-51767

    An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17....

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication
  • 8.5

    HIGH
    CVE-2024-6151

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS...

    Affected Products : virtual_apps_and_desktops
    • Published: Jul. 10, 2024
    • Modified: Jul. 25, 2025
  • 6.5

    MEDIUM
    CVE-2024-2049

    Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP....

    • Published: Mar. 12, 2024
    • Modified: Jul. 25, 2025
  • 5.3

    MEDIUM
    CVE-2024-33518

    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected s...

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 25, 2025
Showing 20 of 292517 Results