Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2025-30744

    Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Multiplatform Sync Errors). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with netw...

    Affected Products : mobile_field_service
    • Published: Jul. 15, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2025-30746

    Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to co...

    Affected Products : istore
    • Published: Jul. 15, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2024-51770

    An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17....

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2024-51769

    An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17....

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure
  • 8.0

    HIGH
    CVE-2024-51768

    An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17....

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
  • 7.3

    HIGH
    CVE-2024-51767

    An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17....

    Affected Products : autopass_license_server
    • Published: Jul. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication
  • 8.5

    HIGH
    CVE-2024-6151

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS...

    Affected Products : virtual_apps_and_desktops
    • Published: Jul. 10, 2024
    • Modified: Jul. 25, 2025
  • 6.5

    MEDIUM
    CVE-2024-2049

    Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP....

    • Published: Mar. 12, 2024
    • Modified: Jul. 25, 2025
  • 5.3

    MEDIUM
    CVE-2024-33518

    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected s...

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 25, 2025
  • 9.3

    CRITICAL
    CVE-2022-4978

    Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard...

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication
  • 8.6

    HIGH
    CVE-2025-7766

    Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed....

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: XML External Entity
  • 7.5

    HIGH
    CVE-2025-54072

    yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder (or {}), insufficient sanitization is applied to the expanded filepath, allowing for rem...

    Affected Products : yt-dlp
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration
  • 8.7

    HIGH
    CVE-2025-7724

    An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407....

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-51482

    Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intend...

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2025-51862

    Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected,...

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization
  • 6.4

    MEDIUM
    CVE-2025-8015

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and...

    Affected Products : shortcodes_ultimate
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.9

    MEDIUM
    CVE-2025-34142

    An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowi...

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: XML External Entity
  • 7.0

    HIGH
    CVE-2025-51463

    Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the run_instruction API, which is extracted without path validation during restorat...

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Path Traversal
  • 5.4

    MEDIUM
    CVE-2025-51479

    Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended c...

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2025-51462

    Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a...

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293186 Results