Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.8

    MEDIUM
    CVE-2025-30722

    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network ...

    • Published: Apr. 15, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2024-3135

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their co...

    Affected Products : localai
    • Published: Apr. 01, 2024
    • Modified: Jun. 27, 2025
  • 5.7

    MEDIUM
    CVE-2025-30737

    Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). The supported version that is affected is 24.200. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP ...

    Affected Products : smart_view_for_office
    • Published: Apr. 15, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2023-36682

    Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery. This issue affects Schema Pro: from n/a through 2.7.7. ...

    Affected Products : schema schema_pro
    • Published: Nov. 30, 2023
    • Modified: Jun. 27, 2025
  • 6.5

    MEDIUM
    CVE-2025-32385

    EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the ...

    Affected Products : espocrm
    • Published: Apr. 16, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration
  • 7.6

    HIGH
    CVE-2025-29459

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation....

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-32788

    OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend p...

    Affected Products : octoprint
    • Published: Apr. 22, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2025-45250

    MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file....

    Affected Products : mrdoc
    • Published: May. 06, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Server-Side Request Forgery
  • 4.3

    MEDIUM
    CVE-2024-1564

    The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode...

    Affected Products : schema schema_pro
    • Published: Mar. 25, 2024
    • Modified: Jun. 27, 2025
  • 7.5

    HIGH
    CVE-2024-34050

    Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go....

    Affected Products : onos traffic_steering_xapplication
    • Published: Apr. 30, 2024
    • Modified: Jun. 27, 2025
  • 7.5

    HIGH
    CVE-2024-10718

    In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fi...

    Affected Products : phpipam
    • Published: Mar. 20, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration
  • 6.6

    MEDIUM
    CVE-2024-22724

    An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature....

    Affected Products : oscommerce
    • Published: Mar. 21, 2024
    • Modified: Jun. 27, 2025
  • 6.5

    MEDIUM
    CVE-2025-48175

    In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes....

    Affected Products : libavif
    • Published: May. 16, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-54000

    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow...

    Affected Products : mobile_security_framework
    • Published: Dec. 03, 2024
    • Modified: Jun. 27, 2025
  • 8.1

    HIGH
    CVE-2024-53999

    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a m...

    Affected Products : mobile_security_framework
    • Published: Dec. 03, 2024
    • Modified: Jun. 27, 2025
  • 7.8

    HIGH
    CVE-2025-43550

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-43573

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-43574

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-43575

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-43576

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption