Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2021-28806

    A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428...

    Affected Products : quts_hero qts qutscloud
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2017-5201

    NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064....

    Affected Products : clustered_data_ontap
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025
  • 5.7

    MEDIUM
    CVE-2017-20101

    A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to init...

    Affected Products : projectsend
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2017-1214

    IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854....

    Affected Products : inotes
    • Published: Jun. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.7

    MEDIUM
    CVE-2021-21725

    A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2....

    Affected Products : zxhn_h196q_firmware zxhn_h196q
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2025-46551

    JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0....

    Affected Products : jruby-openssl
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Misconfiguration
  • 5.7

    MEDIUM
    CVE-2024-5953

    A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password....

    Affected Products : enterprise_linux
    • Published: Jun. 18, 2024
    • Modified: Feb. 18, 2025
  • 5.7

    MEDIUM
    CVE-2017-15532

    Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variable...

    Affected Products : messaging_gateway message_gateway
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.7

    MEDIUM
    CVE-2017-15345

    Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make a loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot....

    Affected Products : lon-l29d_firmware lon-l29d
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-4875

    Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12...

    Affected Products : debian_linux mutt
    • Published: Sep. 09, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2017-13317

    In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed fo...

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
  • 5.7

    MEDIUM
    CVE-2022-39316

    FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it like...

    Affected Products : fedora freerdp
    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2017-12339

    A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker cou...

    Affected Products : nx-os lan_switch_software nx-os
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.7

    MEDIUM
    CVE-2017-12351

    A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perfo...

    Affected Products : nx-os nx-os
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.7

    MEDIUM
    CVE-2024-43784

    lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username a...

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024
  • 5.7

    MEDIUM
    CVE-2024-42491

    Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion start...

    Affected Products : asterisk asterisk certified_asterisk
    • Published: Sep. 05, 2024
    • Modified: Aug. 26, 2025
  • 5.7

    MEDIUM
    CVE-2017-10389

    Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: PMS). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with logon to the ...

    Affected Products : hospitality_suite8
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
  • 5.7

    MEDIUM
    CVE-2017-0936

    Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords th...

    Affected Products : nextcloud_server
    • Published: Mar. 28, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2021-21236

    CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regu...

    Affected Products : cairosvg
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2016-3472

    Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Web Server....

    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 294836 Results