Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.6

    MEDIUM
    CVE-2025-53490

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - CampaignEvents Extensio... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2022-3971

    A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. ... Read more

    Affected Products : matrix_irc_bridge
    • Published: Nov. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2021-1071

    NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access ... Read more

    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2021-25357

    A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.... Read more

    Affected Products : android dex
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2024-39285

    Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privileged user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 5.6

    MEDIUM
    CVE-2021-45664

    NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.... Read more

    Affected Products : r7000_firmware r7000
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-42527

    Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.... Read more

    Affected Products : android android dex
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-6814

    Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-2... Read more

    Affected Products :
    • Published: Mar. 12, 2024
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2022-32484

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.... Read more

    • Published: Oct. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2022-39384

    OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if ... Read more

    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2021-23287

    The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70.... Read more

    Affected Products : intelligent_power_manager
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-21983

    Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthentic... Read more

    Affected Products : application_express
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2021-46778

    Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an at... Read more

    • Published: Aug. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2024-36501

    Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity.... Read more

    Affected Products : emui harmonyos
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-43798

    BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled foll... Read more

    Affected Products : bigbluebutton
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2016-0339

    IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."... Read more

    • Published: Jul. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2022-32483

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.... Read more

    • Published: Oct. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-52349

    In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Apr. 08, 2024
    • Modified: Mar. 28, 2025

  • 5.6

    MEDIUM
    CVE-2024-30800

    PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function.... Read more

    Affected Products : px4_drone_autopilot
    • Published: Apr. 23, 2024
    • Modified: Jun. 30, 2025

  • 5.6

    MEDIUM
    CVE-2018-10593

    A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue ... Read more

    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294726 Results