Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2020-25656

    A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerabilit... Read more

    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2017-10268

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privile... Read more

    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.1

    MEDIUM
    CVE-2024-10638

    The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    • Published: Mar. 25, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2009-0900

    Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.... Read more

    Affected Products : websphere_mq
    • Published: Oct. 30, 2011
    • Modified: Apr. 11, 2025

  • 4.1

    MEDIUM
    CVE-2024-13176

    Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an at... Read more

    Affected Products : openssl
    • Published: Jan. 20, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Cryptography

  • 4.1

    MEDIUM
    CVE-2015-4874

    Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next... Read more

    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2021-2374

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Serve... Read more

    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-1544

    Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by d... Read more

    Affected Products : wolfssl
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 4.1

    MEDIUM
    CVE-2020-2527

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege wit... Read more

    Affected Products : database database_server
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-29435

    An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.... Read more

    Affected Products : alldata
    • Published: Apr. 01, 2024
    • Modified: May. 07, 2025

  • 4.1

    MEDIUM
    CVE-2020-2978

    Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role accou... Read more

    Affected Products : database
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2010-4458

    Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 4.1

    MEDIUM
    CVE-2024-42157

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-28922

    Secure Boot Security Feature Bypass Vulnerability... Read more

    • Published: Apr. 09, 2024
    • Modified: Jan. 08, 2025

  • 4.1

    MEDIUM
    CVE-2018-0250

    A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect ac... Read more

    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-26652

    In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_rele... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2024
    • Modified: Apr. 08, 2025

  • 4.1

    MEDIUM
    CVE-2024-54159

    stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack.... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Dec. 03, 2024

  • 4.1

    MEDIUM
    CVE-2025-3951

    The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress config... Read more

    Affected Products : wp-optimize
    • Published: Jun. 02, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2025-49846

    wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by t... Read more

    Affected Products : wire
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 4.1

    MEDIUM
    CVE-2025-27907

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other atta... Read more

    • Published: Apr. 22, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 293517 Results