Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.6

    MEDIUM
    CVE-2024-29916

    The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" i...

    Affected Products :
    • Published: Mar. 21, 2024
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2024-32993

    Out-of-bounds access vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect availability....

    Affected Products : emui harmonyos
    • Published: May. 14, 2024
    • Modified: Dec. 11, 2024
  • 5.6

    MEDIUM
    CVE-2024-1721

    Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update. This issue affects HYPR Passwordless: before 9.1....

    Affected Products :
    • Published: May. 21, 2024
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2024-4013

    A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was r...

    Affected Products : gecko_software_development_kit
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2024-27461

    Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access....

    Affected Products : memory_and_storage_tool_gui
    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024
  • 5.6

    MEDIUM
    CVE-2021-23288

    The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Powe...

    Affected Products : intelligent_power_protector
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2022-28193

    NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code ex...

    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2020-14379

    A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure....

    Affected Products : jboss_a-mq
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2023-25071

    NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drivers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access....

    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2024-1460

    MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process....

    Affected Products :
    • Published: Mar. 07, 2024
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2018-6693

    An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivile...

    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2024-41885

    Team ENVY, a Security Research TEAM, has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoded. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's repo...

    Affected Products :
    • Published: Dec. 24, 2024
    • Modified: Dec. 24, 2024
  • 5.6

    MEDIUM
    CVE-2024-44610

    PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php....

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024
  • 5.6

    MEDIUM
    CVE-2021-38986

    IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942....

    Affected Products : mq mq_appliance
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2024-11022

    The authentication process to the web server uses a challenge response procedure which includes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable to a replay attack....

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 5.6

    MEDIUM
    CVE-2024-11991

    Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. Ho...

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024
  • 5.6

    MEDIUM
    CVE-2025-42996

    SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degr...

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication
  • 5.6

    MEDIUM
    CVE-2024-8690

    A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then t...

    Affected Products : cortex_xdr_agent windows
    • Published: Sep. 11, 2024
    • Modified: Oct. 15, 2024
  • 5.6

    MEDIUM
    CVE-2024-9104

    The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the 'ultimate_ai_change_pass' function. Th...

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 5.6

    MEDIUM
    CVE-2022-43978

    There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of...

    Affected Products : pandora_fms
    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294726 Results