Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2023-50121

    Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).... Read more

    • Published: Jan. 06, 2024
    • Modified: Apr. 17, 2025

  • 5.7

    MEDIUM
    CVE-2020-14292

    In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public... Read more

    Affected Products : covidsafe
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2018-2389

    Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.... Read more

    Affected Products : internet_graphics_server
    • Published: Feb. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2016-4315

    Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp.... Read more

    Affected Products : carbon
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2005-4825

    Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP s... Read more

    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.7

    MEDIUM
    CVE-2019-14680

    The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.... Read more

    Affected Products : admin-renamer-extended
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-3419

    A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service.... Read more

    Affected Products : zxmp_m721_dx_firmware zxmp_m721_dx
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-24721

    An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disprov... Read more

    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-5211

    The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file ... Read more

    Affected Products : p20_firmware p20
    • Published: Nov. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-32793

    Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blocklists or allowlists is vulnerable to a stored cross-site-... Read more

    Affected Products : pi-hole web_interface
    • Published: Aug. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-0245

    Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-25569

    Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any... Read more

    Affected Products : apollo
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-6146

    A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS... Read more

    Affected Products : private_cloud_platform
    • Published: Dec. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-29680

    Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.... Read more

    Affected Products : n301_firmware n301
    • Published: May. 01, 2023
    • Modified: Jan. 30, 2025

  • 5.7

    MEDIUM
    CVE-2024-7391

    ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction i... Read more

    Affected Products : home_flex_firmware home_flex
    • Published: Nov. 22, 2024
    • Modified: Dec. 03, 2024

  • 5.7

    MEDIUM
    CVE-2024-27106

    Vulnerable data in transit in GE HealthCare EchoPAC products... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-9469

    A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and t... Read more

    Affected Products : cortex_xdr_agent windows
    • Published: Oct. 09, 2024
    • Modified: Oct. 15, 2024

  • 5.7

    MEDIUM
    CVE-2024-51011

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2025-25188

    Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, ... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Cryptography

  • 5.7

    MEDIUM
    CVE-2022-43539

    A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information th... Read more

    Affected Products : clearpass_policy_manager
    • Published: Jan. 05, 2023
    • Modified: Apr. 10, 2025
Showing 20 of 294795 Results