Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-32446

    Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the l... Read more

    • Published: Jul. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-35184

    Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled... Read more

    Affected Products :
    • Published: May. 15, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-32635

    XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker.... Read more

    Affected Products : xbrl_data_create
    • Published: Jul. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-41278

    A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Team... Read more

    Affected Products : jt2go teamcenter_visualization
    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-3218

    A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondata[callee]/jsondata[i... Read more

    Affected Products :
    • Published: Apr. 03, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-6129

    IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 ... Read more

    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2023-5745

    The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak... Read more

    Affected Products : reusable_text_blocks
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-6340

    SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulner... Read more

    Affected Products : netextender capture_client
    • Published: Jan. 18, 2024
    • Modified: Jun. 11, 2025

  • 5.5

    MEDIUM
    CVE-2022-41841

    An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.... Read more

    Affected Products : bento4
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-30085

    Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c.... Read more

    Affected Products : libming
    • Published: May. 09, 2023
    • Modified: Jan. 29, 2025

  • 5.5

    MEDIUM
    CVE-2023-3433

    The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make it so the application cannot create the signature for th... Read more

    Affected Products : jami
    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-33882

    In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-38676

    In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 5.5

    MEDIUM
    CVE-2023-30673

    Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction.... Read more

    Affected Products : smart_switch_pc
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-30716

    Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.... Read more

    Affected Products : android android dex
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-40659

    In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to loc... Read more

    Affected Products : android
    • Published: Sep. 11, 2024
    • Modified: Dec. 17, 2024

  • 5.5

    MEDIUM
    CVE-2025-9308

    A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this att... Read more

    Affected Products : yarn
    • Published: Aug. 21, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2022-3897

    The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated... Read more

    • Published: Nov. 29, 2022
    • Modified: Aug. 20, 2025

  • 5.5

    MEDIUM
    CVE-2025-1993

    IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database... Read more

    • Published: May. 09, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cryptography

  • 5.5

    MEDIUM
    CVE-2024-11268

    A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.... Read more

    Affected Products : revit
    • Published: Dec. 09, 2024
    • Modified: Aug. 18, 2025
Showing 20 of 294068 Results