Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2024-32306

    Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.... Read more

    Affected Products : ac10u_firmware ac10u
    • Published: Apr. 17, 2024
    • Modified: Mar. 17, 2025

  • 5.7

    MEDIUM
    CVE-2022-28648

    In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered... Read more

    Affected Products : youtrack
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-51399

    Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can ... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 5.7

    MEDIUM
    CVE-2024-49501

    Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 5.7

    MEDIUM
    CVE-2023-46889

    Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This... Read more

    Affected Products : msh30q_firmware msh30q
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 5.7

    MEDIUM
    CVE-2017-13318

    In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitati... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2021-38451

    The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any o... Read more

    Affected Products : versiondog
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-31223

    SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed.... Read more

    Affected Products : endpoint_security
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-28195

    NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, e... Read more

    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-1081

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-0042

    Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX ... Read more

    Affected Products : identity_management_service
    • Published: Apr. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-21986

    Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows un... Read more

    Affected Products : graalvm
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2010-4110

    Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors.... Read more

    Affected Products : openvms openvms
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2016-5941

    IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.... Read more

    Affected Products : kenexa_lms kenexa_lms_on_cloud
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2017-10051

    Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows low privileged attacker with access to t... Read more

    Affected Products : outside_in_technology
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2018-9566

    In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privilege... Read more

    Affected Products : android
    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-16214

    Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can ente... Read more

    Affected Products : libra_core
    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-35208

    An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. ... Read more

    Affected Products : lastpass
    • Published: Dec. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-29456

    Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to r... Read more

    Affected Products : authelia
    • Published: Apr. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-18124

    A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords.... Read more

    Affected Products : indexhibit
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294795 Results