Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2021-43959

    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of J...

    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-47688

    In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local access to a server can bypass the allow-list functionality because a file can be truncated in the OpenFileDescriptor action before the VerifyCanWrite action is performed....

    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization
  • 5.7

    MEDIUM
    CVE-2020-27269

    In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate a...

    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2025-6015

    Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23....

    Affected Products : vault
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication
  • 5.7

    MEDIUM
    CVE-2021-31222

    SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed....

    Affected Products : endpoint_security
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-22784

    A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system....

    Affected Products : c-bus_toolkit
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-19268

    A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users....

    Affected Products : dswjcms
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-36285

    Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a bru...

    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-35203

    NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint....

    Affected Products : ngeniusone
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-35601

    Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack product of Oracle PeopleSoft (component: Students Administration). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with...

    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-25501

    An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers....

    Affected Products : android dex
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2016-8790

    Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 wi...

    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025
  • 5.7

    MEDIUM
    CVE-2018-5448

    Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system....

    • Published: May. 04, 2018
    • Modified: May. 22, 2025
  • 5.7

    MEDIUM
    CVE-2023-7031

    Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 ...

    Affected Products : aura_experience_portal
    • Published: Jan. 17, 2024
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-0169

    Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to I...

    Affected Products : unity_operating_environment
    • Published: Feb. 12, 2024
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-4694

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0....

    Affected Products : memos
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-23933

    OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can rea...

    Affected Products : opensearch
    • Published: Feb. 03, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-47364

    In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services....

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Feb. 12, 2023
    • Modified: Mar. 26, 2025
  • 5.7

    MEDIUM
    CVE-2022-47369

    In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services....

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Feb. 12, 2023
    • Modified: Mar. 26, 2025
  • 5.7

    MEDIUM
    CVE-2022-47363

    In wlan driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service in wlan services....

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Feb. 12, 2023
    • Modified: Mar. 26, 2025
Showing 20 of 294826 Results