Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-0772

    A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local... Read more

    Affected Products : sharealarmpro
    • Published: Jan. 22, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-27237

    In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Mar. 11, 2024
    • Modified: Mar. 25, 2025

  • 5.5

    MEDIUM
    CVE-2021-26737

    The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition. ... Read more

    Affected Products : client_connector
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-29085

    Improper access control for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-3048

    The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators... Read more

    Affected Products : bannerlid
    • Published: Apr. 26, 2024
    • Modified: May. 14, 2025

  • 5.5

    MEDIUM
    CVE-2023-32470

    Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of ... Read more

    Affected Products : digital_delivery
    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-5474

    A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation o... Read more

    Affected Products : dolby_vision_provisioning
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 5.5

    MEDIUM
    CVE-2024-35427

    vmir e8117 was discovered to contain a segmentation violation via the export_function function at /src/vmir_wasm_parser.c.... Read more

    Affected Products : vmir
    • Published: Nov. 08, 2024
    • Modified: Jun. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-6700

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.... Read more

    Affected Products : pega_platform infinity
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024

  • 5.5

    MEDIUM
    CVE-2023-28715

    Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Feb. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-34742

    In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction ... Read more

    Affected Products : android
    • Published: Aug. 15, 2024
    • Modified: Nov. 25, 2024

  • 5.5

    MEDIUM
    CVE-2024-9483

    A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.... Read more

    Affected Products : antivirus antivirus
    • Published: Oct. 04, 2024
    • Modified: Nov. 08, 2024

  • 5.5

    MEDIUM
    CVE-2025-4552

    A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The a... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2021-46516

    Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : mjs
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-29742

    In apply_minlock_constraint of dvfs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Apr. 05, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2021-46538

    Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_compact_strings at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : mjs
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-29498

    Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may b... Read more

    Affected Products : frenic_rhc_loader
    • Published: Jun. 13, 2023
    • Modified: Jan. 03, 2025

  • 5.5

    MEDIUM
    CVE-2021-46547

    Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : mjs
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-7437

    A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the arg... Read more

    Affected Products : simple_machines_forum
    • Published: Aug. 03, 2024
    • Modified: Sep. 11, 2024

  • 5.5

    MEDIUM
    CVE-2021-27487

    ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.... Read more

    Affected Products : defibrillator_dashboard
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293664 Results