Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2025-21533

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the ...

    Affected Products : vm_virtualbox
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
  • 8.1

    HIGH
    CVE-2025-21516

    Vulnerability in the Oracle Customer Care product of Oracle E-Business Suite (component: Service Requests). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via H...

    Affected Products : e-business_suite customer_care
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization
  • 8.1

    HIGH
    CVE-2025-21506

    Vulnerability in the Oracle Project Foundation product of Oracle E-Business Suite (component: Technology Foundation). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network ac...

    Affected Products : e-business_suite project_foundation
    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2025-21489

    Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network...

    • Published: Jan. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
  • 8.2

    HIGH
    CVE-2019-2483

    Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows...

    Affected Products : istore
    • Published: Dec. 24, 2024
    • Modified: Jun. 23, 2025
  • 4.3

    MEDIUM
    CVE-2024-21206

    Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network ...

    • Published: Oct. 15, 2024
    • Modified: Jun. 23, 2025
  • 8.6

    HIGH
    CVE-2025-2558

    The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server...

    Affected Products : the_wound
    • Published: Apr. 24, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal
  • 10.0

    CRITICAL
    CVE-2025-20188

    A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to up...

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2025-4727

    A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular exp...

    Affected Products : meteor
    • Published: May. 15, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service
  • 9.0

    HIGH
    CVE-2025-4139

    A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor w...

    Affected Products : ex6120_firmware ex6120
    • Published: Apr. 30, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-4135

    A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vend...

    Affected Products : wg302v2_firmware wg302v2
    • Published: Apr. 30, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-2357

    A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit ha...

    Affected Products : dcmtk
    • Published: Mar. 17, 2025
    • Modified: Jun. 23, 2025
  • 7.5

    HIGH
    CVE-2025-1925

    A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to deni...

    Affected Products : open5gs
    • Published: Mar. 04, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service
  • 7.2

    HIGH
    CVE-2024-8523

    A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument dat...

    Affected Products : lmxcms
    • Published: Sep. 07, 2024
    • Modified: Jun. 23, 2025
  • 6.9

    MEDIUM
    CVE-2024-5193

    A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic. Affected is an unknown function of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to launch the...

    Affected Products : tinyweb
    • Published: May. 22, 2024
    • Modified: Jun. 23, 2025
  • 4.8

    MEDIUM
    CVE-2024-4256

    A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation ...

    Affected Products : savsoft_quiz
    • Published: Apr. 27, 2024
    • Modified: Jun. 23, 2025
  • 6.8

    MEDIUM
    CVE-2025-4043

    An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot....

    Affected Products : ug65-868m-ea_firmware ug65-868m-ea
    • Published: May. 07, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2025-46721

    nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass ...

    Affected Products : nosurf
    • Published: May. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2024-54779

    Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php....

    Affected Products : pfsense_plus pfsense_ce
    • Published: May. 14, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-4792

    A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component MDELETE Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exp...

    • Published: May. 16, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293649 Results