Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2023-43378

    A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento1_1 parameter.... Read more

    Affected Products : hoteldruid
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-46710

    Possible kernel exceptions caused by reading and writing kernel heap data after free.... Read more

    Affected Products : ddk
    • Published: Jun. 16, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2024-36428

    OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.... Read more

    Affected Products : orangehrm
    • Published: May. 27, 2024
    • Modified: Jun. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-35324

    Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.... Read more

    Affected Products : douchat
    • Published: May. 28, 2024
    • Modified: Jun. 23, 2025

  • 5.9

    MEDIUM
    CVE-2024-29120

    In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrato... Read more

    Affected Products : streampark
    • Published: Jul. 17, 2024
    • Modified: Jun. 23, 2025

  • 4.4

    MEDIUM
    CVE-2025-21495

    Vulnerability in the MySQL Enterprise Firewall product of Oracle MySQL (component: Firewall). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attac... Read more

    Affected Products : mysql_enterprise_firewall
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-21557

    Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Expre... Read more

    Affected Products : application_express
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-28056

    rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component.... Read more

    Affected Products : rebuild
    • Published: May. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-43946

    TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal).... Read more

    Affected Products : ddi
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 4.5

    MEDIUM
    CVE-2025-21568

    Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). The supported version that is affected is 11.2.19.0.000. Easily exploitable vulnerability allows high privileged attacker with... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 6.6

    MEDIUM
    CVE-2025-21569

    Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services). The supported version that is affected is 11.2.19.0.000. Difficult to exploit vulnerability allows high privileged attacker with netw... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 4.9

    MEDIUM
    CVE-2025-21583

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to ... Read more

    Affected Products : snapcenter mysql_server
    • Published: Apr. 15, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-43947

    Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc.... Read more

    Affected Products : klims
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-30721

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the ... Read more

    Affected Products : mysql_server
    • Published: Apr. 15, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-30691

    Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via... Read more

    • Published: Apr. 15, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-21552

    Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker ... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2025-21553

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure pr... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-21550

    Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Web UI). Supported versions that are affected are 8.0.8.1, 8.1.2.7 and 8.1.2.8. Easily exploitable vulnerability all... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-21549

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to c... Read more

    Affected Products : weblogic_server
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-21547

    Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and 5.6.27.1. Easily exploitable vulnerability allows unauthent... Read more

    Affected Products : hospitality_opera_5
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
Showing 20 of 293631 Results