Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2023-28261

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Apr. 27, 2023
    • Modified: Feb. 28, 2025

  • 5.7

    MEDIUM
    CVE-2023-27892

    Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on t... Read more

    Affected Products : keepkey_firmware keepkey
    • Published: May. 02, 2023
    • Modified: Jan. 30, 2025

  • 5.7

    MEDIUM
    CVE-2023-26441

    Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file sys... Read more

    • Published: Aug. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-25780

    It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in seri... Read more

    Affected Products : powerbpm
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-24428

    A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.... Read more

    Affected Products : bitbucket_oauth
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 5.7

    MEDIUM
    CVE-2023-23039

    An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vc... Read more

    Affected Products : linux_kernel
    • Published: Feb. 22, 2023
    • Modified: Mar. 20, 2025

  • 5.7

    MEDIUM
    CVE-2014-3321

    Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.... Read more

    • Published: Jul. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2013-5499

    The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.... Read more

    Affected Products : ios
    • Published: Oct. 10, 2013
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2024-47094

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.... Read more

    Affected Products : checkmk checkmk
    • Published: Nov. 29, 2024
    • Modified: Dec. 03, 2024

  • 5.7

    MEDIUM
    CVE-2024-45611

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another ... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.7

    MEDIUM
    CVE-2018-16869

    A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use thi... Read more

    Affected Products : nettle
    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2012-1994

    HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information... Read more

    Affected Products : systems_insight_manager
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2018-14662

    It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.... Read more

    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2010-2811

    Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.... Read more

    Affected Products : enterprise_virtualization
    • Published: Aug. 24, 2010
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2023-23628

    Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application... Read more

    Affected Products : metabase
    • Published: Jan. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2025-29974

    Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.... Read more

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-53148

    Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2007-6561

    Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other ve... Read more

    Affected Products : pdflib
    • Published: Dec. 28, 2007
    • Modified: Apr. 09, 2025

  • 5.7

    MEDIUM
    CVE-2023-21965

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with net... Read more

    Affected Products : business_intelligence
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-21952

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with net... Read more

    Affected Products : business_intelligence
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294742 Results