Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2025-48710

    kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and r... Read more

    Affected Products :
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 4.1

    MEDIUM
    CVE-2024-32078

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212. ... Read more

    Affected Products : fv_flowplayer_video_player
    • Published: Apr. 24, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-2728

    Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.... Read more

    Affected Products :
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2007-1226

    McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.... Read more

    Affected Products : virex
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2018-10812

    The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android... Read more

    Affected Products : bitcoin_wallet
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-6120

    The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary loca... Read more

    • Published: Dec. 09, 2023
    • Modified: Feb. 20, 2025

  • 4.1

    MEDIUM
    CVE-2022-2394

    Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.... Read more

    Affected Products : puppet_bolt bolt
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-34664

    Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.... Read more

    Affected Products : android
    • Published: Oct. 08, 2024
    • Modified: Jul. 17, 2025

  • 4.1

    MEDIUM
    CVE-2019-6512

    An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the exis... Read more

    Affected Products : api_manager
    • Published: May. 14, 2019
    • Modified: May. 30, 2025

  • 4.1

    MEDIUM
    CVE-2021-23219

    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to... Read more

    • Published: Nov. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2013-5208

    HR Systems Strategies info:HR HRIS 7.9 does not properly protect the database password, which allows local users to bypass intended database restrictions by accessing the USERPW registry key and bypassing an unspecified obfuscation technique.... Read more

    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.1

    MEDIUM
    CVE-2025-21494

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privilege... Read more

    Affected Products : mysql_server
    • Published: Jan. 21, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Denial of Service

  • 4.1

    MEDIUM
    CVE-2025-27027

    A user with vpuser credentials that opens an SSH connection to the device, gets a restricted shell rbash that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restric... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 4.1

    MEDIUM
    CVE-2020-26080

    A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to impro... Read more

    Affected Products : iot_field_network_director
    • Published: Nov. 18, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-33748

    Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier.... Read more

    Affected Products :
    • Published: May. 07, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-21180

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with ne... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2022-24929

    Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.... Read more

    Affected Products : android dex
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2016-1490

    The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.... Read more

    Affected Products : shareit
    • Published: Jan. 26, 2016
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2018-1843

    The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to networ... Read more

    Affected Products : cloud_private
    • Published: Nov. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-31843

    An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.... Read more

    Affected Products : embrace
    • Published: May. 23, 2024
    • Modified: May. 21, 2025
Showing 20 of 293360 Results