Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2024-29951

    Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. ... Read more

    Affected Products : brocade_sannav
    • Published: Apr. 17, 2024
    • Modified: Feb. 04, 2025

  • 5.7

    MEDIUM
    CVE-2023-29114

    System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: •     Wi-Fi access point credentials to which the EV charger can connect. •     APN web addre... Read more

    Affected Products :
    • Published: Nov. 05, 2024
    • Modified: Nov. 05, 2024

  • 5.7

    MEDIUM
    CVE-2021-31611

    The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LM... Read more

    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2025-52294

    Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance.... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025

  • 5.7

    MEDIUM
    CVE-2024-3972

    The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : similarity
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-51007

    Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : xr300_firmware xr300
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025

  • 5.7

    MEDIUM
    CVE-2020-10066

    Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr... Read more

    Affected Products : zephyr
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-57708

    An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerabil... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2022-0268

    Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.... Read more

    Affected Products : grav
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-34574

    An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini.... Read more

    Affected Products : wifi-repeater_firmware
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-1149

    Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.... Read more

    Affected Products : btcpay_server btcpayserver
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-2677

    Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HT... Read more

    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-46142

    Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.... Read more

    • Published: Dec. 13, 2022
    • Modified: Jan. 14, 2025

  • 5.7

    MEDIUM
    CVE-2024-28956

    Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2024-2199

    A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.... Read more

    Affected Products : enterprise_linux libssh
    • Published: May. 28, 2024
    • Modified: Feb. 18, 2025

  • 5.7

    MEDIUM
    CVE-2017-5042

    Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe a... Read more

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2024-21853

    Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 5.7

    MEDIUM
    CVE-2024-41970

    A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 5.7

    MEDIUM
    CVE-2023-49614

    Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure.... Read more

    Affected Products : agilex_7_fpga_firmware
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2016-1156

    LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline.... Read more

    Affected Products : mac_os_x windows line
    • Published: Feb. 19, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 294836 Results