Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-50080

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with ne... Read more

    Affected Products : mysql mysql_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-50081

    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network... Read more

    Affected Products : mysql mysql_cluster mysql_client
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-5023

    Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the pr... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-5022

    Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the produ... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2024-45497

    A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for ... Read more

    • Published: Dec. 31, 2024
    • Modified: Jul. 17, 2025

  • 5.1

    MEDIUM
    CVE-2024-6006

    A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cros... Read more

    Affected Products : zkbiosecurity_v5000
    • Published: Jun. 15, 2024
    • Modified: Jul. 17, 2025

  • 5.1

    MEDIUM
    CVE-2024-6005

    A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads t... Read more

    Affected Products : zkbiosecurity_v5000
    • Published: Jun. 15, 2024
    • Modified: Jul. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-5936

    An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sa... Read more

    Affected Products : privategpt privategpt
    • Published: Jun. 27, 2024
    • Modified: Jul. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-4343

    A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability aris... Read more

    Affected Products : privategpt
    • Published: Nov. 14, 2024
    • Modified: Jul. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-20867

    Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.... Read more

    Affected Products : email
    • Published: May. 07, 2024
    • Modified: Jul. 17, 2025

  • 7.1

    HIGH
    CVE-2024-20868

    Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions.... Read more

    Affected Products : notes
    • Published: May. 07, 2024
    • Modified: Jul. 17, 2025

  • 7.5

    HIGH
    CVE-2025-20915

    Out-of-bounds read in applying binary of voice content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-20914

    Out-of-bounds read in applying binary of hand writing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-20913

    Out-of-bounds read in applying binary of drawing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.4

    MEDIUM
    CVE-2025-20901

    Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.... Read more

    Affected Products : blockchain_keystore
    • Published: Feb. 04, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-20900

    Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : blockchain_keystore
    • Published: Feb. 04, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-20898

    Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.... Read more

    Affected Products : members
    • Published: Feb. 04, 2025
    • Modified: Jul. 17, 2025

  • 4.6

    MEDIUM
    CVE-2025-20894

    Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.... Read more

    Affected Products : email
    • Published: Feb. 04, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-6200

    The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : geodirectory geodirectory
    • Published: Jul. 11, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-2942

    The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information... Read more

    • Published: Jul. 11, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291908 Results