Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2024-1544

    Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by d... Read more

    Affected Products : wolfssl
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 4.1

    MEDIUM
    CVE-2023-5342

    The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Misconfiguration

  • 4.1

    MEDIUM
    CVE-2025-45582

    GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an ... Read more

    Affected Products : tar
    • Published: Jul. 11, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 4.1

    MEDIUM
    CVE-2024-30148

    Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.1

    MEDIUM
    CVE-2025-23185

    Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access ... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.1

    MEDIUM
    CVE-2025-52357

    Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. Th... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2024-42157

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2009-5152

    Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation statu... Read more

    Affected Products : computrace_agent
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-12109

    The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    • Published: Mar. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2024-34664

    Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.... Read more

    Affected Products : android
    • Published: Oct. 08, 2024
    • Modified: Jul. 17, 2025

  • 4.1

    MEDIUM
    CVE-2020-8150

    A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.... Read more

    Affected Products : nextcloud_server
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2016-5463

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-... Read more

    Affected Products : siebel_ui_framework knowledge
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2024-21304

    Trusted Compute Base Elevation of Privilege Vulnerability... Read more

    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2006-7108

    login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt a... Read more

    Affected Products : util-linux
    • Published: Mar. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2023-46840

    Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. ... Read more

    Affected Products : xen
    • Published: Mar. 20, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2022-28192

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over fre... Read more

    Affected Products : virtual_gpu
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-24742

    SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site S... Read more

    Affected Products : crm_-_webclient_ui
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-45716

    Sametime is impacted by sensitive information passed in URL. ... Read more

    Affected Products : sametime
    • Published: Feb. 09, 2024
    • Modified: Jun. 03, 2025

  • 4.1

    MEDIUM
    CVE-2020-7303

    Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.... Read more

    Affected Products : data_loss_prevention
    • Published: Aug. 13, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-20750

    In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780... Read more

    Affected Products : android mt6835 mt6886 mt6985 mt8791t mt8797 mt6983 mt8321 mt8673 mt8765 +13 more products
    • Published: Jun. 06, 2023
    • Modified: Jan. 07, 2025
Showing 20 of 293505 Results