Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2025-5942

    Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Success... Read more

    Affected Products : netskope
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2016-3060

    Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a c... Read more

    Affected Products : financial_transaction_manager
    • Published: Oct. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2016-3464

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to Accounts.... Read more

    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2018-2924

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attac... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-3415

    ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files.... Read more

    Affected Products : zxmw_nr8000_firmware zxmw_nr8000
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-7730

    MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.... Read more

    Affected Products : mywebsql
    • Published: Feb. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2017-3292

    Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2021-2445

    Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Difficult to exploit vulnerability allows high privileged attacker with network acces... Read more

    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-31221

    SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.... Read more

    Affected Products : endpoint_security
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-2338

    Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain th... Read more

    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-23738

    An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub E... Read more

    Affected Products : enterprise_server
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 5.7

    MEDIUM
    CVE-2021-41101

    wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that if so... Read more

    Affected Products : wire wire_server
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-43901

    IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for ... Read more

    • Published: Dec. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-23914

    Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an... Read more

    Affected Products :
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-50717

    NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed le... Read more

    Affected Products : nocodb nocodb
    • Published: May. 14, 2024
    • Modified: Aug. 26, 2025

  • 5.7

    MEDIUM
    CVE-2024-28446

    Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi.... Read more

    • Published: Mar. 19, 2024
    • Modified: Aug. 20, 2025

  • 5.7

    MEDIUM
    CVE-2023-3348

    The Wrangler command line tool  (<[email protected] or <[email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same ... Read more

    Affected Products : wrangler
    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-11165

    An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS to... Read more

    Affected Products : yugabytedb
    • Published: Nov. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-50997

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craft... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 01, 2025

  • 5.7

    MEDIUM
    CVE-2024-52029

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025
Showing 20 of 294846 Results