Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2024-47094

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users....

    Affected Products : checkmk checkmk
    • Published: Nov. 29, 2024
    • Modified: Dec. 03, 2024
  • 5.7

    MEDIUM
    CVE-2024-45611

    GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another ...

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024
  • 5.7

    MEDIUM
    CVE-2018-16869

    A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use thi...

    Affected Products : nettle
    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2012-1994

    HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information...

    Affected Products : systems_insight_manager
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2018-14662

    It was found that in Ceph versions before 13.2.4, authenticated Ceph users with read-only permissions could steal dm-crypt encryption keys used in Ceph disk encryption....

    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2010-2811

    Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic....

    Affected Products : enterprise_virtualization
    • Published: Aug. 24, 2010
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2023-23628

    Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application...

    Affected Products : metabase
    • Published: Jan. 28, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2025-29974

    Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure
  • 5.7

    MEDIUM
    CVE-2025-53148

    Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network....

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure
  • 5.7

    MEDIUM
    CVE-2007-6561

    Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other ve...

    Affected Products : pdflib
    • Published: Dec. 28, 2007
    • Modified: Apr. 09, 2025
  • 5.7

    MEDIUM
    CVE-2023-21965

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with net...

    Affected Products : business_intelligence
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-21952

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with net...

    Affected Products : business_intelligence
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-21448

    Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file....

    Affected Products : cloud
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2025-20044

    Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access....

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization
  • 5.6

    MEDIUM
    CVE-2025-20077

    Missing release of memory after effective lifetime in the UEFI OobRasMmbiHandlerDriver module for some Intel(R) reference server platforms may allow a privileged user to enable denial of service via local access....

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption
  • 5.6

    MEDIUM
    CVE-2019-12820

    A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while loggin...

    Affected Products : i3_firmware i3
    • Published: Jul. 19, 2019
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2018-20941

    cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349)....

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2019-0072

    An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions...

    Affected Products : sbr_carrier
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2019-3749

    Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Tem...

    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2020-7807

    A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONE...

    • Published: Sep. 14, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294755 Results