Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-9194

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, f... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Sep. 30, 2024
    • Modified: Jul. 02, 2025

  • 6.9

    MEDIUM
    CVE-2025-0589

    In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directo... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-0525

    In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-0513

    In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-0588

    In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would r... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-0539

    In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potenti... Read more

    Affected Products : windows octopus_server
    • Published: Apr. 10, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-0526

    In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.... Read more

    Affected Products : windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-6555

    Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-6556

    Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-24042

    Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability... Read more

    Affected Products : visual_studio_code vscode-js-debug
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-6580

    A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to launch th... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-24039

    Visual Studio Code Elevation of Privilege Vulnerability... Read more

    Affected Products : visual_studio_code
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-6581

    A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-customer.php. The manipulation of the argument name/email/mobilenum/gender/det... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6582

    A vulnerability, which was classified as critical, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /edit-customer-detailed.php. The manipulation of the argument editid lea... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6583

    A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /view-appointment.php. The manipulation of the argument viewid leads to sql injection. It is possible... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-6613

    A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site ... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2023-36052

    Azure CLI REST Command Information Disclosure Vulnerability... Read more

    • Published: Nov. 14, 2023
    • Modified: Jul. 02, 2025

  • 7.8

    HIGH
    CVE-2025-24046

    Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-6604

    A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add-staff.php. The manipulation of the argument Name leads to sql injection. It is possible to initia... Read more

    Affected Products : best_salon_management_system
    • Published: Jun. 25, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-30719

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle ... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 15, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293684 Results