Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2024-29888

    Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its addr... Read more

    Affected Products : saleor
    • Published: Mar. 27, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-36036

    Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 27, 2024
    • Modified: May. 16, 2025

  • 4.2

    MEDIUM
    CVE-2024-24254

    PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofenc... Read more

    Affected Products : px4_drone_autopilot
    • Published: Feb. 06, 2024
    • Modified: Jun. 05, 2025

  • 4.2

    MEDIUM
    CVE-2020-2563

    Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via ... Read more

    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-20026

    In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:... Read more

    Affected Products : android mt6779 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 mt6739 +10 more products
    • Published: Mar. 04, 2024
    • Modified: Apr. 22, 2025

  • 4.2

    MEDIUM
    CVE-2019-14353

    On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a... Read more

    Affected Products : one_firmware one
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-9690

    Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.... Read more

    Affected Products : magento
    • Published: Jul. 29, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2018-12076

    A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due ... Read more

    Affected Products : market_card
    • Published: Dec. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-57821

    Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configur... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-23301

    NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2021-37436

    Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor ma... Read more

    Affected Products : echo_dot_firmware echo_dot
    • Published: Jul. 24, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2022-39910

    Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.... Read more

    Affected Products : pass
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2022-20541

    In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: And... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025

  • 4.2

    MEDIUM
    CVE-2024-7501

    The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This... Read more

    Affected Products :
    • Published: Aug. 16, 2024
    • Modified: Aug. 19, 2024

  • 4.2

    MEDIUM
    CVE-2025-26708

    There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service.... Read more

    Affected Products :
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-24856

    An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements ... Read more

    Affected Products :
    • Published: Mar. 16, 2025
    • Modified: Mar. 16, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2025-25081

    Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2024-2260

    A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.... Read more

    Affected Products : zenml
    • Published: Apr. 16, 2024
    • Modified: Jun. 12, 2025

  • 4.2

    MEDIUM
    CVE-2024-55159

    GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the SortName parameter at /system/loginLog/list.... Read more

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Injection

  • 4.2

    MEDIUM
    CVE-2018-2800

    Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with net... Read more

    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293288 Results