Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2015-6286

    Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016....

    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025
  • 5.7

    MEDIUM
    CVE-2016-2206

    The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrar...

    • Published: Jul. 12, 2016
    • Modified: Apr. 12, 2025
  • 5.7

    MEDIUM
    CVE-2017-18313

    Under certain modes of operation, HLOS may be able to get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobil...

    • Published: Oct. 23, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-19005

    zrlog v2.1.0 has a vulnerability in the permission check. If an admin account is logged in, other unauthorized users can download the database backup file directly....

    Affected Products : zrlog
    • Published: Aug. 25, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-14845

    A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecti...

    Affected Products : openshift
    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-6194

    An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure....

    Affected Products : xclarity_administrator
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2019-8902

    An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI....

    Affected Products : icms
    • Published: Feb. 18, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-25507

    Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization....

    Affected Products : samsung_flow flow
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-30277

    BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI),...

    Affected Products : synapsys
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-12046

    Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files....

    Affected Products : softpac_project
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-30559

    The firmware update package for the wireless card is not properly signed and can be modified....

    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-3227

    Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0....

    Affected Products : fossbilling
    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-36261

    Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access....

    Affected Products : raid_web_console
    • Published: Sep. 16, 2024
    • Modified: Sep. 23, 2024
  • 5.7

    MEDIUM
    CVE-2022-39899

    Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture....

    Affected Products : android dex
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-49392

    Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24....

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
  • 5.7

    MEDIUM
    CVE-2023-32263

    A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM serv...

    Affected Products : dimensions_cm
    • Published: Jul. 19, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-32730

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It's possible to forge a URL that...

    Affected Products : xwiki
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    • Published: Sep. 10, 2024
    • Modified: Aug. 22, 2025
  • 5.7

    MEDIUM
    CVE-2023-33684

    Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigne...

    • Published: Jun. 06, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-58102

    An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions....

    Affected Products : seq
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Denial of Service
Showing 20 of 294832 Results