Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2017-10389

    Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: PMS). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with logon to the ... Read more

    Affected Products : hospitality_suite8
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2017-0936

    Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords th... Read more

    Affected Products : nextcloud_server
    • Published: Mar. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-21236

    CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regu... Read more

    Affected Products : cairosvg
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2016-3472

    Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Web Server.... Read more

    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2021-20844

    Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote a... Read more

    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-1708

    Windows GDI+ Information Disclosure Vulnerability... Read more

    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2016-6401

    Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.... Read more

    Affected Products : carrier_routing_system
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2016-6375

    Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets an... Read more

    • Published: Sep. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2016-5947

    IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.... Read more

    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2024-2193

    A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from ... Read more

    Affected Products : xen
    • Published: Mar. 15, 2024
    • Modified: Apr. 30, 2025

  • 5.7

    MEDIUM
    CVE-2023-51589

    BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interactio... Read more

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025

  • 5.7

    MEDIUM
    CVE-2016-3037

    IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.... Read more

    Affected Products : cognos_business_intelligence
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2022-23504

    TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site co... Read more

    Affected Products : typo3
    • Published: Dec. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-37895

    Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and s... Read more

    Affected Products : lobe_chat
    • Published: Jun. 17, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2019-14558

    Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: Oct. 05, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-0129

    Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.... Read more

    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-0053

    Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access.... Read more

    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2011-3590

    The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-depend... Read more

    Affected Products : kexec-tools
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2020-7932

    OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed i... Read more

    Affected Products : omero.web
    • Published: Jun. 17, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-7567

    A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic soft... Read more

    Affected Products : modicon_m221_firmware modicon_m221
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294742 Results