Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2020-29135

    cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).... Read more

    Affected Products : cpanel
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2018-1843

    The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to networ... Read more

    Affected Products : cloud_private
    • Published: Nov. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-29194

    Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive ... Read more

    Affected Products : vitess
    • Published: Apr. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2013-6713

    The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or ca... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2009-1005

    Unspecified vulnerability in the Oracle Data Service Integrator (AquaLogic Data Services Platform) component in BEA Product Suite 10.3.0, 3.2, 3.0.1, and 3.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.... Read more

    Affected Products : bea_product_suite
    • Published: Apr. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2022-24466

    Windows Hyper-V Security Feature Bypass Vulnerability... Read more

    • Published: May. 10, 2022
    • Modified: Jan. 02, 2025

  • 4.1

    MEDIUM
    CVE-2021-39648

    In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2021-47534

    In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Add missing drm_crtc_commit_put Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a global state for the HVS, with each FIFO sto... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Apr. 01, 2025

  • 4.1

    MEDIUM
    CVE-2020-15141

    In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.... Read more

    Affected Products : openapi-python-client
    • Published: Aug. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2022-48451

    In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-26080

    A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to impro... Read more

    Affected Products : iot_field_network_director
    • Published: Nov. 18, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2022-1974

    A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-44384

    Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_... Read more

    Affected Products : discourse_jira
    • Published: Oct. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-21583

    Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/g... Read more

    Affected Products :
    • Published: Jul. 19, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-9828

    The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks... Read more

    Affected Products : taskbuilder
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025

  • 4.1

    MEDIUM
    CVE-2023-44255

    An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read e... Read more

    • Published: Nov. 12, 2024
    • Modified: Jan. 21, 2025

  • 4.1

    MEDIUM
    CVE-2024-51992

    Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 4.1

    MEDIUM
    CVE-2024-34664

    Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.... Read more

    Affected Products : android
    • Published: Oct. 08, 2024
    • Modified: Jul. 17, 2025

  • 4.1

    MEDIUM
    CVE-2021-44166

    An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, ev... Read more

    Affected Products : fortitoken_mobile
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2025-20651

    In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for ... Read more

    Affected Products : android openwrt yocto rdk-b mt6781 mt6789 mt6835 mt6855 mt6878 mt6879 +15 more products
    • Published: Mar. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292843 Results