Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2006-6292

    Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-rela... Read more

    Affected Products : mac_os_x airport_extreme
    • Published: Dec. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.7

    MEDIUM
    CVE-2022-34212

    A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL.... Read more

    Affected Products : vrealize_orchestrator
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-43790

    iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0. ... Read more

    Affected Products : itop
    • Published: Apr. 15, 2024
    • Modified: Feb. 06, 2025

  • 5.7

    MEDIUM
    CVE-2023-42940

    A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.... Read more

    Affected Products : macos
    • Published: Dec. 19, 2023
    • Modified: May. 06, 2025

  • 5.7

    MEDIUM
    CVE-2017-13682

    In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In ... Read more

    Affected Products : encryption_desktop
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2018-9313

    The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.... Read more

    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-0489

    An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.... Read more

    Affected Products : gitlab
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-40544

    An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. ... Read more

    Affected Products : l206-f2g_firmware l206-f2g
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-40067

    Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 5.7

    MEDIUM
    CVE-2018-7930

    The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends ... Read more

    Affected Products : mate_9_firmware mate_9
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2017-9773

    Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.... Read more

    Affected Products : horde_image
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2011-3589

    The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sens... Read more

    Affected Products : kexec-tools
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2018-6171

    Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.... Read more

    Affected Products : chrome
    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2021-33114

    Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: Feb. 09, 2022
    • Modified: May. 05, 2025

  • 5.7

    MEDIUM
    CVE-2025-26711

    There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2024-32607

    HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.... Read more

    Affected Products : hdf5
    • Published: May. 14, 2024
    • Modified: Apr. 18, 2025

  • 5.7

    MEDIUM
    CVE-2024-27766

    An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.... Read more

    Affected Products : mariadb
    • Published: Oct. 17, 2024
    • Modified: Jul. 10, 2025

  • 5.7

    MEDIUM
    CVE-2025-55111

    Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These ... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2023-36672

    An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using ... Read more

    Affected Products : vpn
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-10973

    A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024
Showing 20 of 294832 Results