Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2021-3409

    The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to cr... Read more

    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-38632

    BitLocker Security Feature Bypass Vulnerability... Read more

    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-45332

    Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disc... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2021-37865

    Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-37863

    Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-36284

    Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a br... Read more

    • Published: Sep. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-35606

    Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Notification Framework). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with acc... Read more

    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-20521

    TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.... Read more

    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-52030

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025

  • 5.7

    MEDIUM
    CVE-2024-52028

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025

  • 5.7

    MEDIUM
    CVE-2024-52283

    Missing sanitation of inputs allowed arbitrary users to conduct a stored XSS attack that triggers for users that view a certain project... Read more

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024

  • 5.7

    MEDIUM
    CVE-2024-52026

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST reque... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52017

    Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : xr300_firmware xr300
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025

  • 5.7

    MEDIUM
    CVE-2024-52024

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST reques... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52013

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a c... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2021-33139

    Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: Feb. 09, 2022
    • Modified: May. 05, 2025

  • 5.7

    MEDIUM
    CVE-2021-33155

    Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: Feb. 09, 2022
    • Modified: May. 05, 2025

  • 5.7

    MEDIUM
    CVE-2024-51019

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025

  • 5.7

    MEDIUM
    CVE-2024-51020

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025

  • 5.7

    MEDIUM
    CVE-2024-51015

    Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 05, 2024
    • Modified: May. 02, 2025
Showing 20 of 294811 Results