Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2024-21853

    Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 5.7

    MEDIUM
    CVE-2024-41970

    A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Aug. 27, 2025

  • 5.7

    MEDIUM
    CVE-2023-49614

    Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure.... Read more

    Affected Products : agilex_7_fpga_firmware
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2016-1156

    LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline.... Read more

    Affected Products : mac_os_x windows line
    • Published: Feb. 19, 2016
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2024-33875

    HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.... Read more

    Affected Products : hdf5
    • Published: May. 14, 2024
    • Modified: Apr. 18, 2025

  • 5.7

    MEDIUM
    CVE-2025-32330

    In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote (proximal/adjacent) information disclosure with no additional execution... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2024-7347

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built ... Read more

    Affected Products : nginx_plus nginx_open_source
    • Published: Aug. 14, 2024
    • Modified: Sep. 05, 2025

  • 5.7

    MEDIUM
    CVE-2023-6944

    A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend,... Read more

    Affected Products : backstage red_hat_developer_hub
    • Published: Jan. 04, 2024
    • Modified: Sep. 05, 2025

  • 5.7

    MEDIUM
    CVE-2024-47820

    MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file perm... Read more

    Affected Products : markus
    • Published: Nov. 18, 2024
    • Modified: Sep. 04, 2025

  • 5.7

    MEDIUM
    CVE-2024-50996

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cr... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 07, 2025

  • 5.7

    MEDIUM
    CVE-2024-52016

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allo... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2025-25209

    The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor w... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2024-3130

    Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app ... Read more

    Affected Products :
    • Published: Apr. 01, 2024
    • Modified: Aug. 27, 2025

  • 5.7

    MEDIUM
    CVE-2024-26311

    Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the v... Read more

    Affected Products : archer
    • Published: Feb. 21, 2024
    • Modified: Mar. 18, 2025

  • 5.7

    MEDIUM
    CVE-2024-55582

    Oxide before 6 has unencrypted Control Plane datastores.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 11, 2024

  • 5.7

    MEDIUM
    CVE-2025-25208

    A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-25207

    The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is complete... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-53719

    Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-8997

    An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2022-3881

    The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as... Read more

    Affected Products : wptools
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 294836 Results