Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2025-21553

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure pr... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-21550

    Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Web UI). Supported versions that are affected are 8.0.8.1, 8.1.2.7 and 8.1.2.8. Easily exploitable vulnerability all... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-21549

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to c... Read more

    Affected Products : weblogic_server
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-21547

    Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and 5.6.27.1. Easily exploitable vulnerability allows unauthent... Read more

    Affected Products : hospitality_opera_5
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-21541

    Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access... Read more

    Affected Products : workflow
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-21535

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : weblogic_server
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-21533

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the ... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-21516

    Vulnerability in the Oracle Customer Care product of Oracle E-Business Suite (component: Service Requests). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via H... Read more

    Affected Products : e-business_suite customer_care
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-21506

    Vulnerability in the Oracle Project Foundation product of Oracle E-Business Suite (component: Technology Foundation). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network ac... Read more

    Affected Products : e-business_suite project_foundation
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-21489

    Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2019-2483

    Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows... Read more

    Affected Products : istore
    • Published: Dec. 24, 2024
    • Modified: Jun. 23, 2025

  • 4.3

    MEDIUM
    CVE-2024-21206

    Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network ... Read more

    • Published: Oct. 15, 2024
    • Modified: Jun. 23, 2025

  • 8.6

    HIGH
    CVE-2025-2558

    The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server... Read more

    Affected Products : the_wound
    • Published: Apr. 24, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-20188

    A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to up... Read more

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-4727

    A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular exp... Read more

    Affected Products : meteor
    • Published: May. 15, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 9.0

    HIGH
    CVE-2025-4139

    A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor w... Read more

    Affected Products : ex6120_firmware ex6120
    • Published: Apr. 30, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-4135

    A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vend... Read more

    Affected Products : wg302v2_firmware wg302v2
    • Published: Apr. 30, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-2357

    A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit ha... Read more

    Affected Products : dcmtk
    • Published: Mar. 17, 2025
    • Modified: Jun. 23, 2025

  • 7.5

    HIGH
    CVE-2025-1925

    A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to deni... Read more

    Affected Products : open5gs
    • Published: Mar. 04, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2024-8523

    A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument dat... Read more

    Affected Products : lmxcms
    • Published: Sep. 07, 2024
    • Modified: Jun. 23, 2025
Showing 20 of 293635 Results