Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2023-40067

    Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 5.7

    MEDIUM
    CVE-2018-7930

    The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends ... Read more

    Affected Products : mate_9_firmware mate_9
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2017-9773

    Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.... Read more

    Affected Products : horde_image
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2011-3589

    The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sens... Read more

    Affected Products : kexec-tools
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2018-6171

    Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.... Read more

    Affected Products : chrome
    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-33114

    Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: Feb. 09, 2022
    • Modified: May. 05, 2025

  • 5.7

    MEDIUM
    CVE-2025-26711

    There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2024-32607

    HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.... Read more

    Affected Products : hdf5
    • Published: May. 14, 2024
    • Modified: Apr. 18, 2025

  • 5.7

    MEDIUM
    CVE-2024-27766

    An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.... Read more

    Affected Products : mariadb
    • Published: Oct. 17, 2024
    • Modified: Jul. 10, 2025

  • 5.7

    MEDIUM
    CVE-2025-55111

    Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These ... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2023-36672

    An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using ... Read more

    Affected Products : vpn
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-10973

    A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 5.7

    MEDIUM
    CVE-2023-6148

    Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user w... Read more

    Affected Products : policy_compliance
    • Published: Jan. 09, 2024
    • Modified: Feb. 13, 2025

  • 5.7

    MEDIUM
    CVE-2025-59378

    In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).... Read more

    Affected Products : guix
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2025-27233

    Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.... Read more

    Affected Products : zabbix
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2023-45725

    Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: *   list *   show *   rewrite *   update An att... Read more

    Affected Products : couchdb
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2018-3891

    An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger t... Read more

    • Published: Nov. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-36777

    Microsoft Exchange Server Information Disclosure Vulnerability... Read more

    Affected Products : exchange_server
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2018-3815

    The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated att... Read more

    Affected Products : communigate_pro
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-36531

    nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component.... Read more

    Affected Products : nukeviet egovernment
    • Published: Jun. 10, 2024
    • Modified: Sep. 15, 2025
Showing 20 of 294740 Results