Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2015-0578

    Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network, aka Bug ID CSCur45455.... Read more

    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2024-21306

    Microsoft Bluetooth Driver Spoofing Vulnerability... Read more

    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-4048

    In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previ... Read more

    Affected Products : fedora debian_linux wordpress
    • Published: Jun. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-30118

    HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data.... Read more

    Affected Products : connections
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 5.7

    MEDIUM
    CVE-2020-3537

    A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability b... Read more

    Affected Products : jabber
    • Published: Sep. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-2101

    The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin ... Read more

    Affected Products : salon_booking_system
    • Published: Apr. 17, 2024
    • Modified: Apr. 14, 2025

  • 5.7

    MEDIUM
    CVE-2024-29166

    HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.... Read more

    Affected Products : hdf5
    • Published: May. 14, 2024
    • Modified: Apr. 18, 2025

  • 5.7

    MEDIUM
    CVE-2020-35207

    An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In ot... Read more

    Affected Products : lastpass
    • Published: Dec. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2014-3291

    Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bu... Read more

    Affected Products : wireless_lan_controller
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2024-28072

    A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. ... Read more

    Affected Products : serv-u
    • Published: May. 03, 2024
    • Modified: Feb. 25, 2025

  • 5.7

    MEDIUM
    CVE-2024-28023

    A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.... Read more

    Affected Products :
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-47827

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with acce... Read more

    Affected Products : argo_workflows
    • Published: Oct. 28, 2024
    • Modified: Nov. 05, 2024

  • 5.7

    MEDIUM
    CVE-2013-5527

    The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.... Read more

    Affected Products : ios_xe ios
    • Published: Oct. 10, 2013
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2020-27350

    APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions pr... Read more

    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2013-5184

    The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage ... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2020-27276

    SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which al... Read more

    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-27270

    SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate a... Read more

    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2013-4551

    Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "gu... Read more

    Affected Products : xen
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2020-27211

    Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase.... Read more

    Affected Products : nrf52840_firmware nrf52840
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-24823

    Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the ... Read more

    Affected Products : graylog
    • Published: Feb. 07, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294832 Results