Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2023-7031

    Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 ...

    Affected Products : aura_experience_portal
    • Published: Jan. 17, 2024
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-0169

    Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to I...

    Affected Products : unity_operating_environment
    • Published: Feb. 12, 2024
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-4694

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0....

    Affected Products : memos
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-23933

    OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can rea...

    Affected Products : opensearch
    • Published: Feb. 03, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-47364

    In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services....

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Feb. 12, 2023
    • Modified: Mar. 26, 2025
  • 5.7

    MEDIUM
    CVE-2022-47369

    In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services....

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Feb. 12, 2023
    • Modified: Mar. 26, 2025
  • 5.7

    MEDIUM
    CVE-2022-47363

    In wlan driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service in wlan services....

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Feb. 12, 2023
    • Modified: Mar. 26, 2025
  • 5.7

    MEDIUM
    CVE-2018-11293

    In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may...

    Affected Products : android
    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2017-14956

    AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send ...

    Affected Products : unified_security_management
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025
  • 5.7

    MEDIUM
    CVE-2023-2630

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21....

    Affected Products : pimcore
    • Published: May. 10, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-3228

    Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0....

    Affected Products : fossbilling
    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2017-17860

    In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphon...

    Affected Products : android gear_s2 gear_s3
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-4454

    Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3....

    Affected Products : wallabag
    • Published: Aug. 21, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-31169

    An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instr...

    Affected Products : sel-5030_acselerator_quickset
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-5257

    A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traver...

    Affected Products : windows jndiexploit
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-24114

    Microsoft Teams iOS Information Disclosure Vulnerability...

    Affected Products : teams
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-56733

    Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing sess...

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 5.7

    MEDIUM
    CVE-2024-30629

    Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function....

    Affected Products : fh1205_firmware fh1205
    • Published: Mar. 29, 2024
    • Modified: Mar. 13, 2025
  • 5.7

    MEDIUM
    CVE-2023-0028

    Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+. ...

    Affected Products : twake
    • Published: Jan. 01, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-32312

    Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function....

    Affected Products : f1203_firmware f1203
    • Published: Apr. 17, 2024
    • Modified: Mar. 17, 2025
Showing 20 of 294799 Results