Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2024-21154

    Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Human Resources). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access ...

    • Published: Jul. 16, 2024
    • Modified: Jun. 17, 2025
  • 8.1

    HIGH
    CVE-2024-21153

    Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). The supported version that is affected is 12.2.13. Easily exploitable vulnerability allows low privileged att...

    • Published: Jul. 16, 2024
    • Modified: Jun. 17, 2025
  • 7.4

    HIGH
    CVE-2024-21147

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; O...

    • Published: Jul. 16, 2024
    • Modified: Jun. 17, 2025
  • 8.1

    HIGH
    CVE-2024-21152

    Vulnerability in the Oracle Process Manufacturing Financials product of Oracle E-Business Suite (component: Allocation Rules). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows low privileged attacker with ...

    Affected Products : process_manufacturing_financials
    • Published: Jul. 16, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-34982

    An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file....

    Affected Products : lylme_spage
    • Published: May. 17, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2024-36674

    LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php....

    Affected Products : lylme_spage
    • Published: Jun. 03, 2024
    • Modified: Jun. 17, 2025
  • 5.3

    MEDIUM
    CVE-2024-45192

    An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no long...

    Affected Products : olm
    • Published: Aug. 22, 2024
    • Modified: Jun. 17, 2025
  • 4.3

    MEDIUM
    CVE-2024-45193

    An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects produc...

    Affected Products : olm
    • Published: Aug. 22, 2024
    • Modified: Jun. 17, 2025
  • 4.8

    MEDIUM
    CVE-2025-4325

    A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site sc...

    Affected Products : mrcms
    • Published: May. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-4326

    A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /admin/chip/add.do of the component Add Fragment Page. The manipulation leads to cross site scripting. The attack may be initiat...

    Affected Products : mrcms
    • Published: May. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.2

    MEDIUM
    CVE-2025-32441

    Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack sessio...

    Affected Products : rack
    • Published: May. 07, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Race Condition
  • 6.1

    MEDIUM
    CVE-2024-28063

    Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS....

    Affected Products : totemomail
    • Published: May. 18, 2024
    • Modified: Jun. 17, 2025
  • 7.5

    HIGH
    CVE-2025-46727

    Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parame...

    Affected Products : rack
    • Published: May. 07, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service
  • 5.4

    MEDIUM
    CVE-2024-55651

    i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuári...

    Affected Products : i-educar
    • Published: May. 08, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-28389

    Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack....

    Affected Products : cosmos
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-45818

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php....

    • Published: May. 08, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-45819

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php....

    • Published: May. 08, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-45820

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php....

    • Published: May. 08, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-28388

    OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account....

    Affected Products : cosmos
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration
  • 8.5

    HIGH
    CVE-2025-32390

    EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge articl...

    Affected Products : espocrm
    • Published: May. 12, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293602 Results