Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.6

    MEDIUM
    CVE-2024-39285

    Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privileged user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 5.6

    MEDIUM
    CVE-2021-45664

    NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.... Read more

    Affected Products : r7000_firmware r7000
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-42527

    Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.... Read more

    Affected Products : android android dex
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-6814

    Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-2... Read more

    Affected Products :
    • Published: Mar. 12, 2024
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2022-32484

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.... Read more

    • Published: Oct. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2022-39384

    OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if ... Read more

    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2021-23287

    The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70.... Read more

    Affected Products : intelligent_power_manager
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-21983

    Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthentic... Read more

    Affected Products : application_express
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2021-46778

    Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an at... Read more

    • Published: Aug. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2024-36501

    Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity.... Read more

    Affected Products : emui harmonyos
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-43798

    BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled foll... Read more

    Affected Products : bigbluebutton
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2016-0339

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."... Read more

    • Published: Jul. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2022-32483

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.... Read more

    • Published: Oct. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-52349

    In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Apr. 08, 2024
    • Modified: Mar. 28, 2025

  • 5.6

    MEDIUM
    CVE-2024-30800

    PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function.... Read more

    Affected Products : px4_drone_autopilot
    • Published: Apr. 23, 2024
    • Modified: Jun. 30, 2025

  • 5.6

    MEDIUM
    CVE-2018-10593

    A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue ... Read more

    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2018-9056

    Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (... Read more

    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2025-50986

    diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Various configuration fields such as ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE,... Read more

    Affected Products : diskover
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2025-50985

    diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS) flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q (query), and doctype are directly echoed into the HTML r... Read more

    Affected Products : diskover
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2025-40929

    Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Denial of Service
Showing 20 of 294723 Results