Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2024-53244

    In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 5.7

    MEDIUM
    CVE-2022-30625

    Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the direct... Read more

    Affected Products : p5e_gnss_firmware p5e_gnss
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-27774

    An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other... Read more

    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-27481

    A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not pr... Read more

    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-27152

    Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.... Read more

    • Published: Apr. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-22284

    Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication... Read more

    Affected Products : internet
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-21979

    Microsoft Exchange Server Information Disclosure Vulnerability... Read more

    Affected Products : exchange_server
    • Published: Aug. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-21609

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with... Read more

    Affected Products : business_intelligence
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-0963

    Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-54128

    Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which ca... Read more

    Affected Products : directus
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 5.7

    MEDIUM
    CVE-2021-41355

    .NET Core and Visual Studio Information Disclosure Vulnerability... Read more

    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-41188

    Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to ... Read more

    Affected Products : shopware
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-52515

    Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 5.7

    MEDIUM
    CVE-2021-3844

    Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential... Read more

    Affected Products : insightvm
    • Published: Mar. 24, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-3572

    A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. Th... Read more

    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-3409

    The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to cr... Read more

    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-38632

    BitLocker Security Feature Bypass Vulnerability... Read more

    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-45332

    Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disc... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2021-37865

    Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-37863

    Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results