Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2024-21126

    Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.23 and 21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via D... Read more

    Affected Products : database_server
    • Published: Jul. 16, 2024
    • Modified: Jun. 18, 2025

  • 5.8

    MEDIUM
    CVE-2022-0072

    Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1... Read more

    Affected Products : openlitespeed
    • Published: Oct. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-4043

    NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.... Read more

    Affected Products : gpac debian_linux
    • Actively Exploited
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-44717

    Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.... Read more

    Affected Products : debian_linux go unix
    • Published: Jan. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2011-2768

    Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry ... Read more

    Affected Products : tor tor
    • Published: Dec. 23, 2011
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2021-39878

    A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code.... Read more

    Affected Products : gitlab
    • Published: Oct. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-3799

    grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames... Read more

    Affected Products : grav-plugin-admin
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-3775

    showdoc is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : showdoc
    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-3776

    showdoc is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : showdoc
    • Published: Nov. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-3398

    Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.... Read more

    Affected Products : stormshield_network_security
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-39339

    The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0.... Read more

    Affected Products : telefication
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-37958

    Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Oct. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2023-28961

    An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the pa... Read more

    • Published: Apr. 17, 2023
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-30720

    A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-22981

    On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulner... Read more

    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-1591

    A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due ... Read more

    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2020-5359

    Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.... Read more

    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-32069

    The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data.... Read more

    Affected Products : micollab
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-31810

    An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract informat... Read more

    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2019-5823

    Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux leap chrome backports
    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results