Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2023-1178

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installatio...

    Affected Products : gitlab
    • Published: May. 03, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-8445

    The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input....

    Affected Products :
    • Published: Sep. 05, 2024
    • Modified: Oct. 01, 2024
  • 5.7

    MEDIUM
    CVE-2022-37043

    An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will...

    Affected Products : collaboration
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-2549

    NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV....

    Affected Products : gpac
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-21557

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker ...

    Affected Products : weblogic_server
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-32466

    Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitra...

    • Published: Jul. 24, 2024
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-31423

    Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an ...

    Affected Products : brocade_sannav
    • Published: Aug. 31, 2023
    • Modified: Feb. 13, 2025
  • 5.7

    MEDIUM
    CVE-2023-30543

    @web3-react is a framework for building Ethereum Apps. In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In ...

    • Published: Apr. 17, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-30309

    An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of service....

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 28, 2024
    • Modified: May. 30, 2025
  • 5.7

    MEDIUM
    CVE-2020-7253

    Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility....

    Affected Products : agent
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-29447

    An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication....

    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-29060

    The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data....

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-28368

    TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key. If the administrator may be tricked t...

    Affected Products : t2600g-28sq_firmware t2600g-28sq
    • Published: Apr. 11, 2023
    • Modified: Feb. 10, 2025
  • 5.7

    MEDIUM
    CVE-2023-28261

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability...

    Affected Products : edge_chromium
    • Published: Apr. 27, 2023
    • Modified: Feb. 28, 2025
  • 5.7

    MEDIUM
    CVE-2023-27892

    Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on t...

    Affected Products : keepkey_firmware keepkey
    • Published: May. 02, 2023
    • Modified: Jan. 30, 2025
  • 5.7

    MEDIUM
    CVE-2023-26441

    Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file sys...

    • Published: Aug. 02, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-25780

    It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in seri...

    Affected Products : powerbpm
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-24428

    A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account....

    Affected Products : bitbucket_oauth
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025
  • 5.7

    MEDIUM
    CVE-2023-23039

    An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vc...

    Affected Products : linux_kernel
    • Published: Feb. 22, 2023
    • Modified: Mar. 20, 2025
  • 5.7

    MEDIUM
    CVE-2014-3321

    Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149....

    • Published: Jul. 18, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294733 Results