Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2023-36672

    An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using ... Read more

    Affected Products : vpn
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-10973

    A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 5.7

    MEDIUM
    CVE-2023-6148

    Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user w... Read more

    Affected Products : policy_compliance
    • Published: Jan. 09, 2024
    • Modified: Feb. 13, 2025

  • 5.7

    MEDIUM
    CVE-2025-59378

    In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).... Read more

    Affected Products : guix
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2025-27233

    Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.... Read more

    Affected Products : zabbix
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2023-45725

    Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: *   list *   show *   rewrite *   update An att... Read more

    Affected Products : couchdb
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2018-3891

    An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger t... Read more

    • Published: Nov. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-36777

    Microsoft Exchange Server Information Disclosure Vulnerability... Read more

    Affected Products : exchange_server
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2018-3815

    The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated att... Read more

    Affected Products : communigate_pro
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-36531

    nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component.... Read more

    Affected Products : nukeviet egovernment
    • Published: Jun. 10, 2024
    • Modified: Sep. 15, 2025

  • 5.7

    MEDIUM
    CVE-2023-29456

    URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.... Read more

    Affected Products : zabbix frontend
    • Published: Jul. 13, 2023
    • Modified: Feb. 13, 2025

  • 5.7

    MEDIUM
    CVE-2018-3671

    Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information.... Read more

    Affected Products : saffron_memorybase
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-24493

    A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then re... Read more

    Affected Products : tenable.sc
    • Published: Jan. 26, 2023
    • Modified: Apr. 01, 2025

  • 5.7

    MEDIUM
    CVE-2018-3663

    Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information.... Read more

    Affected Products : saffron_memorybase
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-35838

    The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to sele... Read more

    Affected Products : windows wireguard
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-1178

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installatio... Read more

    Affected Products : gitlab
    • Published: May. 03, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-8445

    The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.... Read more

    Affected Products :
    • Published: Sep. 05, 2024
    • Modified: Oct. 01, 2024

  • 5.7

    MEDIUM
    CVE-2022-37043

    An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will... Read more

    Affected Products : collaboration
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-2549

    NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.... Read more

    Affected Products : gpac
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-21557

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker ... Read more

    Affected Products : weblogic_server
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294726 Results