Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2020-7253

    Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility.... Read more

    Affected Products : agent
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-29447

    An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.... Read more

    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-29060

    The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-28368

    TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked t... Read more

    Affected Products : t2600g-28sq_firmware t2600g-28sq
    • Published: Apr. 11, 2023
    • Modified: Feb. 10, 2025

  • 5.7

    MEDIUM
    CVE-2023-28261

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Apr. 27, 2023
    • Modified: Feb. 28, 2025

  • 5.7

    MEDIUM
    CVE-2023-27892

    Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on t... Read more

    Affected Products : keepkey_firmware keepkey
    • Published: May. 02, 2023
    • Modified: Jan. 30, 2025

  • 5.7

    MEDIUM
    CVE-2023-26441

    Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file sys... Read more

    • Published: Aug. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-25780

    It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in seri... Read more

    Affected Products : powerbpm
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-24428

    A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.... Read more

    Affected Products : bitbucket_oauth
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 5.7

    MEDIUM
    CVE-2023-23039

    An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vc... Read more

    Affected Products : linux_kernel
    • Published: Feb. 22, 2023
    • Modified: Mar. 20, 2025

  • 5.7

    MEDIUM
    CVE-2014-3321

    Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.... Read more

    • Published: Jul. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2013-5499

    The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.... Read more

    Affected Products : ios
    • Published: Oct. 10, 2013
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2024-47094

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.... Read more

    Affected Products : checkmk checkmk
    • Published: Nov. 29, 2024
    • Modified: Dec. 03, 2024

  • 5.7

    MEDIUM
    CVE-2024-45611

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another ... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.7

    MEDIUM
    CVE-2018-16869

    A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use thi... Read more

    Affected Products : nettle
    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2012-1994

    HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information... Read more

    Affected Products : systems_insight_manager
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2018-14662

    It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.... Read more

    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2010-2811

    Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.... Read more

    Affected Products : enterprise_virtualization
    • Published: Aug. 24, 2010
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2023-23628

    Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application... Read more

    Affected Products : metabase
    • Published: Jan. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2025-29974

    Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.... Read more

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 294723 Results