Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2022-28195

    NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, e... Read more

    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-1081

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-0042

    Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX ... Read more

    Affected Products : identity_management_service
    • Published: Apr. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-21986

    Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows un... Read more

    Affected Products : graalvm
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2010-4110

    Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors.... Read more

    Affected Products : openvms openvms
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2016-5941

    IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.... Read more

    Affected Products : kenexa_lms kenexa_lms_on_cloud
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2017-10051

    Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows low privileged attacker with access to t... Read more

    Affected Products : outside_in_technology
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2018-9566

    In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privilege... Read more

    Affected Products : android
    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-16214

    Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can ente... Read more

    Affected Products : libra_core
    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-35208

    An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. ... Read more

    Affected Products : lastpass
    • Published: Dec. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-29456

    Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to r... Read more

    Affected Products : authelia
    • Published: Apr. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-18124

    A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords.... Read more

    Affected Products : indexhibit
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-41173

    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability... Read more

    Affected Products : go_ethereum
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-29681

    Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.... Read more

    Affected Products : n301_firmware n301
    • Published: May. 01, 2023
    • Modified: Jan. 30, 2025

  • 5.7

    MEDIUM
    CVE-2022-41964

    BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see in... Read more

    Affected Products : bigbluebutton
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-33957

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation i... Read more

    Affected Products : notation notation-go
    • Published: Jun. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-4892

    Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp. ... Read more

    Affected Products : teedy
    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-36247

    Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    Affected Products : raid_web_console
    • Published: Sep. 16, 2024
    • Modified: Sep. 23, 2024

  • 5.7

    MEDIUM
    CVE-2023-27370

    NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication i... Read more

    Affected Products : rax30_firmware rax30
    • Published: May. 03, 2024
    • Modified: Jan. 03, 2025

  • 5.7

    MEDIUM
    CVE-2024-29951

    Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. ... Read more

    Affected Products : brocade_sannav
    • Published: Apr. 17, 2024
    • Modified: Feb. 04, 2025
Showing 20 of 294755 Results