Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.6

    MEDIUM
    CVE-2025-26398

    SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed... Read more

    Affected Products : database_performance_analyzer
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cryptography

  • 5.6

    MEDIUM
    CVE-2025-25683

    AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authorization

  • 5.6

    MEDIUM
    CVE-2025-25566

    Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. NOTE: the Supplier disputes this because the behavior is limited to a single allocation of a few hundred bytes with a com... Read more

    Affected Products : vpn
    • Published: Mar. 12, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Denial of Service

  • 5.6

    MEDIUM
    CVE-2025-24157

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.... Read more

    Affected Products : macos
    • Published: Mar. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-23393

    A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in  spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from... Read more

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2025-22911

    RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function.... Read more

    Affected Products : re11s_firmware re11s
    • Published: Apr. 15, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2023-38537

    A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.... Read more

    Affected Products : whatsapp
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2025-22241

    File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “au... Read more

    Affected Products : salt
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal

  • 5.6

    MEDIUM
    CVE-2025-22242

    Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An att... Read more

    Affected Products : salt
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 5.6

    MEDIUM
    CVE-2025-21100

    Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.6

    MEDIUM
    CVE-2023-1998

    The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Apr. 21, 2023
    • Modified: Feb. 13, 2025

  • 5.6

    MEDIUM
    CVE-2022-3231

    Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.... Read more

    Affected Products : librenms
    • Published: Sep. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2022-39397

    aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.... Read more

    Affected Products : aliyun-oss-client
    • Published: Nov. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2022-22713

    Windows Hyper-V Denial of Service Vulnerability... Read more

    • Published: May. 10, 2022
    • Modified: Jan. 02, 2025

  • 5.6

    MEDIUM
    CVE-2022-21239

    Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : quickassist_technology
    • Published: May. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2022-1172

    Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.... Read more

    Affected Products : gpac
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2021-43246

    Windows Hyper-V Denial of Service Vulnerability... Read more

    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2025-7396

    In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assem... Read more

    Affected Products : wolfssl
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025

  • 5.6

    MEDIUM
    CVE-2024-35195

    Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verificati... Read more

    Affected Products :
    • Published: May. 20, 2024
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-3301

    A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause ... Read more

    Affected Products : enterprise_linux qemu
    • Published: Sep. 13, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294835 Results