Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2016-5941

    IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.... Read more

    Affected Products : kenexa_lms kenexa_lms_on_cloud
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2017-10051

    Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulnerability allows low privileged attacker with access to t... Read more

    Affected Products : outside_in_technology
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2018-9566

    In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privilege... Read more

    Affected Products : android
    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-16214

    Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can ente... Read more

    Affected Products : libra_core
    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-35208

    An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. ... Read more

    Affected Products : lastpass
    • Published: Dec. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-29456

    Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to r... Read more

    Affected Products : authelia
    • Published: Apr. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-18124

    A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords.... Read more

    Affected Products : indexhibit
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-41173

    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability... Read more

    Affected Products : go_ethereum
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-29681

    Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.... Read more

    Affected Products : n301_firmware n301
    • Published: May. 01, 2023
    • Modified: Jan. 30, 2025

  • 5.7

    MEDIUM
    CVE-2022-41964

    BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see in... Read more

    Affected Products : bigbluebutton
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-33957

    notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation i... Read more

    Affected Products : notation notation-go
    • Published: Jun. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-4892

    Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp. ... Read more

    Affected Products : teedy
    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-36247

    Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    Affected Products : raid_web_console
    • Published: Sep. 16, 2024
    • Modified: Sep. 23, 2024

  • 5.7

    MEDIUM
    CVE-2023-27370

    NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication i... Read more

    Affected Products : rax30_firmware rax30
    • Published: May. 03, 2024
    • Modified: Jan. 03, 2025

  • 5.7

    MEDIUM
    CVE-2024-29951

    Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. ... Read more

    Affected Products : brocade_sannav
    • Published: Apr. 17, 2024
    • Modified: Feb. 04, 2025

  • 5.7

    MEDIUM
    CVE-2023-29114

    System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: •     Wi-Fi access point credentials to which the EV charger can connect. •     APN web addre... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024

  • 5.7

    MEDIUM
    CVE-2021-31611

    The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LM... Read more

    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2025-52294

    Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance.... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025

  • 5.7

    MEDIUM
    CVE-2024-3972

    The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : similarity
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-51007

    Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : xr300_firmware xr300
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025
Showing 20 of 294832 Results