Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2021-40041

    There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Su... Read more

    Affected Products : ws318n-21_firmware ws318n-21
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-36036

    Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 27, 2024
    • Modified: May. 16, 2025

  • 4.2

    MEDIUM
    CVE-2015-7269

    Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, ... Read more

    Affected Products : st500lt015_firmware st500lt015
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2025-56608

    The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cry... Read more

    • Published: Sep. 03, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cryptography

  • 4.2

    MEDIUM
    CVE-2023-26282

    IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415.... Read more

    Affected Products : watson_cp4d_data_stores
    • Published: Mar. 05, 2024
    • Modified: Jan. 29, 2025

  • 4.2

    MEDIUM
    CVE-2024-2260

    A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.... Read more

    Affected Products : zenml
    • Published: Apr. 16, 2024
    • Modified: Jun. 12, 2025

  • 4.2

    MEDIUM
    CVE-2019-12762

    Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.... Read more

    • Published: Jun. 06, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2019-14353

    On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a... Read more

    Affected Products : one_firmware one
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-2440

    CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in fa... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Information Disclosure

  • 4.2

    MEDIUM
    CVE-2024-39081

    An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.... Read more

    Affected Products : smart_tyre_car_\&_bike
    • Published: Sep. 18, 2024
    • Modified: Mar. 17, 2025

  • 4.2

    MEDIUM
    CVE-2023-20846

    In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Iss... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt6983 mt8781 mt8188 mt8195 +1 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-11197

    The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attacke... Read more

    Affected Products : lock_user_account
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2022-3244

    The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce... Read more

    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.2

    MEDIUM
    CVE-2025-23302

    NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-23301

    NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2024-31965

    A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversa... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-41597

    Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.... Read more

    Affected Products : processwire
    • Published: Jul. 19, 2024
    • Modified: Jul. 09, 2025

  • 4.2

    MEDIUM
    CVE-2025-31929

    A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions), IEC 1Ph 7.4k... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2023-20839

    In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt2713 mt6983 mt8673 mt8188 +2 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2022-21555

    Vulnerability in the MySQL Shell for VS Code product of Oracle MySQL (component: Shell: GUI). Supported versions that are affected are 1.1.8 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where... Read more

    Affected Products : mysql mysql_server mysql_shell
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293289 Results