Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2024-21808

    Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 4.2

    MEDIUM
    CVE-2020-2599

    Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromis... Read more

    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-42795

    An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 4.2

    MEDIUM
    CVE-2022-39404

    Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are 1.6.3 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure wher... Read more

    Affected Products : mysql mysql_installer
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-47822

    Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the ... Read more

    Affected Products : directus
    • Published: Oct. 08, 2024
    • Modified: Apr. 14, 2025

  • 4.2

    MEDIUM
    CVE-2024-31205

    Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty ... Read more

    Affected Products : saleor
    • Published: Apr. 08, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2021-3011

    An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive phys... Read more

    Affected Products : k13 k21 k40 k9 titan_security_key 3a081 a7005a j2a081 j2d081_m59 j2d081_m61 +35 more products
    • Published: Jan. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-6197

    An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the o... Read more

    Affected Products : grafana
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-54566

    hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.... Read more

    Affected Products : qemu
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-54567

    hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.... Read more

    Affected Products : qemu
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-56608

    The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cry... Read more

    • Published: Sep. 03, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cryptography

  • 4.2

    MEDIUM
    CVE-2025-58460

    A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, c... Read more

    Affected Products : opentelemetry
    • Published: Sep. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2024-54503

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.... Read more

    Affected Products : iphone_os ipados
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 4.2

    MEDIUM
    CVE-2024-12369

    A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization c... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Apr. 17, 2025

  • 4.2

    MEDIUM
    CVE-2025-23302

    NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2024-24254

    PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofenc... Read more

    Affected Products : px4_drone_autopilot
    • Published: Feb. 06, 2024
    • Modified: Jun. 05, 2025

  • 4.2

    MEDIUM
    CVE-2025-23377

    Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script... Read more

    Affected Products : powerprotect_data_manager
    • Published: Apr. 28, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2024-2260

    A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.... Read more

    Affected Products : zenml
    • Published: Apr. 16, 2024
    • Modified: Jun. 12, 2025

  • 4.2

    MEDIUM
    CVE-2022-21555

    Vulnerability in the MySQL Shell for VS Code product of Oracle MySQL (component: Shell: GUI). Supported versions that are affected are 1.1.8 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where... Read more

    Affected Products : mysql mysql_server mysql_shell
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-31929

    A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions), IEC 1Ph 7.4k... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication
Showing 20 of 293507 Results