Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2024-21058

    Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via ... Read more

    • Published: Apr. 16, 2024
    • Modified: Aug. 26, 2025

  • 5.1

    MEDIUM
    CVE-2024-20945

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle Gr... Read more

    Affected Products : jdk jre graalvm graalvm_for_jdk
    • Published: Feb. 17, 2024
    • Modified: Aug. 26, 2025

  • 5.4

    MEDIUM
    CVE-2024-12211

    Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile.... Read more

    Affected Products : infinity
    • Published: Jan. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-11826

    The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shor... Read more

    Affected Products : quill_forms
    • Published: Jan. 07, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2024-11319

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.... Read more

    Affected Products : django_cms
    • Published: Nov. 18, 2024
    • Modified: Aug. 26, 2025

  • 5.4

    MEDIUM
    CVE-2024-10925

    A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML... Read more

    Affected Products : gitlab
    • Published: Mar. 03, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-0872

    The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to... Read more

    Affected Products : watu_quiz
    • Published: Apr. 09, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-0446

    A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data ... Read more

    • Published: Feb. 22, 2024
    • Modified: Aug. 26, 2025

  • 6.5

    MEDIUM
    CVE-2024-0083

    NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, de... Read more

    Affected Products :
    • Published: Apr. 08, 2024
    • Modified: Aug. 26, 2025

  • 5.5

    MEDIUM
    CVE-2024-10404

    CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with admini... Read more

    Affected Products : brocade_sannav
    • Published: Feb. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-1053

    Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption ke... Read more

    Affected Products : brocade_sannav
    • Published: Feb. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2024-2240

    Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.... Read more

    Affected Products : brocade_sannav
    • Published: Feb. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2024-10405

    Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zon... Read more

    Affected Products : brocade_sannav
    • Published: Feb. 15, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2024-4282

    Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.... Read more

    Affected Products : brocade_sannav
    • Published: Feb. 15, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-49385

    Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.... Read more

    Affected Products : windows maximum_security_2022
    • Published: Jun. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-49384

    Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.... Read more

    Affected Products : windows maximum_security_2022
    • Published: Jun. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2021-34185

    Miniaudio 0.10.35 has an integer-based buffer overflow caused by an out-of-bounds left shift in drwav_bytes_to_u32 in miniaudio.h... Read more

    Affected Products : miniaudio miniaudio
    • EPSS Score: %0.18
    • Published: Jun. 25, 2021
    • Modified: Aug. 26, 2025

  • 9.8

    CRITICAL
    CVE-2021-34184

    Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.... Read more

    Affected Products : miniaudio miniaudio
    • EPSS Score: %0.38
    • Published: Jun. 25, 2021
    • Modified: Aug. 26, 2025

  • 6.5

    MEDIUM
    CVE-2024-55945

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.0

    HIGH
    CVE-2024-55924

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 292318 Results