Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-54961

    Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users.... Read more

    Affected Products : nagios_xi
    • Published: Feb. 20, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-22973

    An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. php' file that directly retrieves the URL request response content.... Read more

    Affected Products : qibocms_x1
    • Published: Feb. 20, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 9.4

    CRITICAL
    CVE-2024-1874

    In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply ... Read more

    Affected Products : fedora php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2024-2757

    In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that ... Read more

    Affected Products : php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025

  • 6.5

    MEDIUM
    CVE-2024-3096

    In PHP  version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.... Read more

    Affected Products : debian_linux php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025

  • 6.1

    MEDIUM
    CVE-2025-3901

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4.... Read more

    • Published: Apr. 23, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2022-21505

    In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure B... Read more

    Affected Products : linux
    • Published: Dec. 24, 2024
    • Modified: Jun. 18, 2025

  • 3.7

    LOW
    CVE-2024-21210

    Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via... Read more

    Affected Products : jdk jre java_se
    • Published: Oct. 15, 2024
    • Modified: Jun. 18, 2025

  • 3.7

    LOW
    CVE-2024-21208

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Or... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Oct. 15, 2024
    • Modified: Jun. 18, 2025

  • 3.1

    LOW
    CVE-2024-21174

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.23, 21.3-21.14 and 23.4. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privile... Read more

    Affected Products : database_server
    • Published: Jul. 16, 2024
    • Modified: Jun. 18, 2025

  • 6.1

    MEDIUM
    CVE-2024-21133

    Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Servlet). Supported versions that are affected are 12.2.1.4.0 and 12.2.1.19.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac... Read more

    Affected Products : reports_developer
    • Published: Jul. 16, 2024
    • Modified: Jun. 18, 2025

  • 5.8

    MEDIUM
    CVE-2024-21126

    Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.23 and 21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via D... Read more

    Affected Products : database_server
    • Published: Jul. 16, 2024
    • Modified: Jun. 18, 2025

  • 2.3

    LOW
    CVE-2024-21123

    Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with logon to the infrastructure ... Read more

    Affected Products : database_server
    • Published: Jul. 16, 2024
    • Modified: Jun. 18, 2025

  • 8.2

    HIGH
    CVE-2024-21095

    Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.21, 21.12.0-21.12.18, 22.12.0-22.12... Read more

    • Published: Apr. 16, 2024
    • Modified: Jun. 18, 2025

  • 4.2

    MEDIUM
    CVE-2024-21066

    Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the in... Read more

    Affected Products : database_server database_-_rdbms
    • Published: Apr. 16, 2024
    • Modified: Jun. 18, 2025

  • 7.1

    HIGH
    CVE-2023-3758

    A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.... Read more

    • Published: Apr. 18, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2024-31031

    An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow.... Read more

    Affected Products : fedora libcoap
    • Published: Apr. 17, 2024
    • Modified: Jun. 18, 2025

  • 6.5

    MEDIUM
    CVE-2024-1102

    A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.... Read more

    • Published: Apr. 25, 2024
    • Modified: Jun. 18, 2025

  • 4.3

    MEDIUM
    CVE-2024-3508

    A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompr... Read more

    Affected Products : trusted_profile_analyzer
    • Published: Apr. 25, 2024
    • Modified: Jun. 18, 2025

  • 6.8

    MEDIUM
    CVE-2024-33669

    An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS querie... Read more

    • Published: Apr. 26, 2024
    • Modified: Jun. 18, 2025
Showing 20 of 293654 Results