Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2018-2921

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows unauthenticated attac... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2025-55194

    Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server ... Read more

    Affected Products : part-db
    • Published: Aug. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-55003

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-... Read more

    Affected Products : openbao
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2019-5914

    V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.... Read more

    • Published: Feb. 13, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-11894

    A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to do... Read more

    • Published: May. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-14683

    The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.... Read more

    Affected Products : import_users_from_csv_with_meta
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-2979

    Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Payments). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with n... Read more

    Affected Products : flexcube_direct_banking
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-3442

    The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login screen in o... Read more

    Affected Products : duoconnect
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-7297

    Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.... Read more

    Affected Products : web_gateway mcafee_web_gateway
    • Published: Sep. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-44744

    An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be ... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 5.7

    MEDIUM
    CVE-2024-49386

    Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 5.7

    MEDIUM
    CVE-2024-50994

    Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vulnerabilities allow attackers to ca... Read more

    Affected Products : r8500_firmware r8500
    • Published: Nov. 05, 2024
    • Modified: Apr. 22, 2025

  • 5.7

    MEDIUM
    CVE-2024-11358

    Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 5.7

    MEDIUM
    CVE-2024-42012

    GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's B... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Cryptography

  • 5.7

    MEDIUM
    CVE-2023-20515

    Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-25896

    A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2024-34035

    An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-2228

    The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possibl... Read more

    • Published: Mar. 26, 2025
    • Modified: Aug. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-2886

    Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target co... Read more

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2025-2885

    Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to... Read more

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 294836 Results