Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2021-30496

    The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFram...

    Affected Products : telegram
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-44674

    D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src....

    Affected Products : covr-2600r_firmware covr-2600r
    • Published: Oct. 07, 2024
    • Modified: May. 21, 2025
  • 5.7

    MEDIUM
    CVE-2023-4177

    A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexit...

    Affected Products : empowerid
    • Published: Aug. 06, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-51013

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request....

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025
  • 5.7

    MEDIUM
    CVE-2024-51016

    Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request....

    Affected Products : xr300_firmware xr300
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025
  • 5.7

    MEDIUM
    CVE-2023-20523

    TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. ...

    • Published: Jan. 11, 2023
    • Modified: Apr. 07, 2025
  • 5.7

    MEDIUM
    CVE-2015-4205

    Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959....

    • Published: Jun. 23, 2015
    • Modified: Apr. 12, 2025
  • 5.7

    MEDIUM
    CVE-2013-1189

    Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service (routing-engine reload) via unspecified changes to IP address assignments, aka Bug ID CSCue15313....

    Affected Products : ubr10012
    • Published: Apr. 11, 2013
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2023-47635

    Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat a...

    Affected Products : decidim
    • Published: Feb. 20, 2024
    • Modified: Dec. 16, 2024
  • 5.7

    MEDIUM
    CVE-2018-16464

    A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password....

    Affected Products : nextcloud_server
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-0379

    In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation. Produ...

    Affected Products : android
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-4606

    IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ...

    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-20695

    Skype for Business Information Disclosure Vulnerability...

    Affected Products : skype_for_business_server
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2015-6286

    Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016....

    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025
  • 5.7

    MEDIUM
    CVE-2016-2206

    The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrar...

    • Published: Jul. 12, 2016
    • Modified: Apr. 12, 2025
  • 5.7

    MEDIUM
    CVE-2017-18313

    Under certain modes of operation, HLOS may be able to get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobil...

    • Published: Oct. 23, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-19005

    zrlog v2.1.0 has a vulnerability with the permission check. If an admin account is logged in, other unauthorized users can download the database backup file directly....

    Affected Products : zrlog
    • Published: Aug. 25, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-14845

    A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecti...

    Affected Products : openshift
    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-6194

    An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure....

    Affected Products : xclarity_administrator
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-8902

    An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI....

    Affected Products : icms
    • Published: Feb. 18, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294795 Results