Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2010-1389

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a ... Read more

    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-1119

    IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use... Read more

    Affected Products : marketing_operations
    • Published: Nov. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-2115

    Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.... Read more

    Affected Products : office
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2017-3509

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthentic... Read more

    Affected Products : jdk jre
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2021-3047

    A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a lon... Read more

    Affected Products : pan-os
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-4787

    IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading ... Read more

    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-21213

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 4.2

    MEDIUM
    CVE-2024-21808

    Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 4.2

    MEDIUM
    CVE-2022-21931

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2017-13675

    A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specif... Read more

    Affected Products : endpoint_encryption
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2024-42795

    An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.... Read more

    Affected Products : music_management_system
    • Published: Sep. 16, 2024
    • Modified: Apr. 28, 2025

  • 4.2

    MEDIUM
    CVE-2021-3011

    An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive phys... Read more

    Affected Products : k13 k21 k40 k9 titan_security_key 3a081 a7005a j2a081 j2d081_m59 j2d081_m61 +35 more products
    • Published: Jan. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-2599

    Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromis... Read more

    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-29888

    Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its addr... Read more

    Affected Products : saleor
    • Published: Mar. 27, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2014-3591

    Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuatio... Read more

    Affected Products : debian_linux libgcrypt gnupg
    • Published: Nov. 29, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-39081

    An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.... Read more

    Affected Products : smart_tyre_car_\&_bike
    • Published: Sep. 18, 2024
    • Modified: Mar. 17, 2025

  • 4.2

    MEDIUM
    CVE-2024-5891

    A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authe... Read more

    Affected Products : quay
    • Published: Jun. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2023-20839

    In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt2713 mt6983 mt8673 mt8188 +2 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2023-20846

    In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Iss... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt6983 mt8781 mt8188 mt8195 +1 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-27413

    An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.... Read more

    Affected Products : mahavitaran
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293983 Results