Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2019-12762

    Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.... Read more

    • Published: Jun. 06, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-2777

    Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to com... Read more

    Affected Products : hyperion_financial_management
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-31929

    A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions), IEC 1Ph 7.4k... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2021-37436

    Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor ma... Read more

    Affected Products : echo_dot_firmware echo_dot
    • Published: Jul. 24, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2017-6770

    Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Ad... Read more

    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2023-51710

    EMS SQL Manager 3.6.2 (build 55333) for Oracle allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2018-8435

    A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.... Read more

    Affected Products : windows_10 windows_server_2016
    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2019-3828

    Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.... Read more

    Affected Products : ansible
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-26058

    Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.... Read more

    Affected Products : qloapps
    • Published: Feb. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2025-53543

    Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability is fixed in 0.22.0.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2025-48939

    tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual <script> element. If an atta... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2023-45920

    Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or win... Read more

    Affected Products :
    • Published: Mar. 27, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-21066

    Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the in... Read more

    Affected Products : database_server database_-_rdbms
    • Published: Apr. 16, 2024
    • Modified: Jun. 18, 2025

  • 4.2

    MEDIUM
    CVE-2023-36559

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Oct. 13, 2023
    • Modified: Dec. 12, 2024

  • 4.2

    MEDIUM
    CVE-2020-0663

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an at... Read more

    Affected Products : edge windows_10 windows_server_2019
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2022-21930

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2021-43017

    Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of se... Read more

    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-25081

    Splinefont in FontForge through 20230101 allows command injection via crafted filenames.... Read more

    Affected Products : fedora debian_linux fontforge
    • Published: Feb. 26, 2024
    • Modified: Apr. 23, 2025

  • 4.2

    MEDIUM
    CVE-2020-13464

    The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module.... Read more

    Affected Products : cks32f103_firmware cks32f103
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-24363

    The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise se... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293624 Results