Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2024-20840

    Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder on the lock screen.... Read more

    Affected Products : android voice_recorder
    • Published: Mar. 05, 2024
    • Modified: Feb. 14, 2025

  • 5.7

    MEDIUM
    CVE-2024-20692

    Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability... Read more

    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2015-0501

    Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.... Read more

    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2024-1695

    A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.... Read more

    Affected Products :
    • Published: May. 06, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2013-6367

    The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2020-14617

    Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnera... Read more

    Affected Products : primavera_unifier
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-21970

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise O... Read more

    Affected Products : bi_publisher
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2011-3588

    The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-t... Read more

    Affected Products : kexec-tools
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2011-2723

    The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (sy... Read more

    Affected Products : linux_kernel
    • Published: Sep. 06, 2011
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2020-16144

    When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to per... Read more

    Affected Products : files_antivirus
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2011-1576

    The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers ... Read more

    • Published: Aug. 31, 2011
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2024-13870

    An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed fir... Read more

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2020-15118

    In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags ... Read more

    Affected Products : wagtail wagtail
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2010-4438

    Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).... Read more

    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2021-22194

    In all versions of GitLab, marshalled session keys were being stored in Redis.... Read more

    Affected Products : gitlab
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2011-0714

    Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a pack... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: May. 04, 2011
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2010-3017

    Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors.... Read more

    Affected Products : access_manager_agent
    • Published: Sep. 09, 2010
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2022-47951

    An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that ... Read more

    Affected Products : debian_linux glance nova cinder glance
    • Published: Jan. 26, 2023
    • Modified: Mar. 31, 2025

  • 5.7

    MEDIUM
    CVE-2024-11703

    On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.... Read more

    Affected Products : firefox
    • Published: Nov. 26, 2024
    • Modified: Apr. 05, 2025

  • 5.7

    MEDIUM
    CVE-2019-0949

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-... Read more

    • Published: May. 16, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294755 Results