Latest CVE Feed
- 5.8 MEDIUM CVE-2018-11075
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially explo...
- Published: Sep. 28, 2018
- Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2006-3388
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
Affected Products: phpmyadmin
- Published: Jul. 06, 2006
- Modified: Apr. 03, 2025
- 5.8 MEDIUM CVE-2006-1912
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to...
Affected Products: mybulletinboard
- Published: Apr. 20, 2006
- Modified: Apr. 03, 2025
- 5.8 MEDIUM CVE-2021-39198
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability by which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no worka...
Affected Products: client_relationship_management
- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2018-1002201
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Affected Products: zt-zip
- Published: Jul. 25, 2018
- Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2018-2921
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is prior to 8.7.18. Easily exploitable vulnerability allows unauthenticated attac...
- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
- 5.7 MEDIUM CVE-2025-55194
Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server ...
Affected Products: part-db
- Published: Aug. 13, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Denial of Service
- 5.7 MEDIUM CVE-2025-55003
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-...
Affected Products: openbao
- Published: Aug. 09, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Authentication
- 5.7 MEDIUM CVE-2019-5914
V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.
- Published: Feb. 13, 2019
- Modified: Nov. 21, 2024
- 5.7 MEDIUM CVE-2019-11894
A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to do...
- Published: May. 29, 2019
- Modified: Nov. 21, 2024
- 5.7 MEDIUM CVE-2019-14683
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
Affected Products: import_users_from_csv_with_meta
- Published: Aug. 08, 2019
- Modified: Nov. 21, 2024
- 5.7 MEDIUM CVE-2019-2979
Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Payments). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with n...
Affected Products: flexcube_direct_banking
- Published: Oct. 16, 2019
- Modified: Nov. 21, 2024
- 5.7 MEDIUM CVE-2020-3442
The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login screen in o...
Affected Products: duoconnect
- Published: Jul. 20, 2020
- Modified: Nov. 21, 2024
- 5.7 MEDIUM CVE-2020-7297
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
- Published: Sep. 16, 2020
- Modified: Nov. 21, 2024
- 5.7 MEDIUM CVE-2024-44744
An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be ...
Affected Products:
- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
- 5.7 MEDIUM CVE-2024-49386
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
Affected Products: cyber_files
- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
- 5.7 MEDIUM CVE-2024-50994
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vulnerabilities allow attackers to ca...
- Published: Nov. 05, 2024
- Modified: Apr. 22, 2025
- 5.7 MEDIUM CVE-2024-11358
Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.
- Published: Dec. 16, 2024
- Modified: Dec. 16, 2024
- 5.7 MEDIUM CVE-2024-42012
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's B...
Affected Products:
- Published: Jan. 22, 2025
- Modified: Feb. 04, 2025
- Vuln Type: Cryptography
- 5.7 MEDIUM CVE-2023-20515
Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.
Affected Products:
- Published: Feb. 11, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Memory Corruption