Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2023-30559

    The firmware update package for the wireless card is not properly signed and can be modified.

    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-3227

    Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.

    Affected Products : fossbilling
    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-36261

    Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access.

    Affected Products : raid_web_console
    • Published: Sep. 16, 2024
    • Modified: Sep. 23, 2024
  • 5.7

    MEDIUM
    CVE-2022-39899

    Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture.

    Affected Products : android dex
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-49392

    Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

    Affected Products : cyber_files
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
  • 5.7

    MEDIUM
    CVE-2023-32263

    A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM serv...

    Affected Products : dimensions_cm
    • Published: Jul. 19, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-32730

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It's possible to forge a URL that...

    Affected Products : xwiki
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    • Published: Sep. 10, 2024
    • Modified: Aug. 22, 2025
  • 5.7

    MEDIUM
    CVE-2023-33684

    Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigne...

    • Published: Jun. 06, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-58102

    An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions.

    Affected Products : seq
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Denial of Service
  • 5.7

    MEDIUM
    CVE-2025-20047

    Improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication
  • 5.7

    MEDIUM
    CVE-2025-2102

    Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR Passwordless: before 10.1.

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization
  • 5.7

    MEDIUM
    CVE-2024-46327

    An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal.

    Affected Products : vap11g-300_firmware vap11g-300
    • Published: Sep. 26, 2024
    • Modified: Jun. 24, 2025
  • 5.7

    MEDIUM
    CVE-2023-38491

    Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors ...

    Affected Products : kirby
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-52509

    Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and t...

    Affected Products : mail notes
    • Published: Nov. 15, 2024
    • Modified: Sep. 04, 2025
  • 5.7

    MEDIUM
    CVE-2024-52361

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod.

    • Published: Dec. 18, 2024
    • Modified: Aug. 08, 2025
  • 5.7

    MEDIUM
    CVE-2022-34572

    An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.

    Affected Products : wifi-repeater_firmware
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-50121

    Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).

    • Published: Jan. 06, 2024
    • Modified: Apr. 17, 2025
  • 5.7

    MEDIUM
    CVE-2020-14292

    In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public...

    Affected Products : covidsafe
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2018-2389

    Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.

    Affected Products : internet_graphics_server
    • Published: Feb. 14, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results