Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2020-2563

    Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via ... Read more

    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-24328

    Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025

  • 4.2

    MEDIUM
    CVE-2025-32441

    Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack sessio... Read more

    Affected Products : rack
    • Published: May. 07, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Race Condition

  • 4.2

    MEDIUM
    CVE-2019-14353

    On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a... Read more

    Affected Products : one_firmware one
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-32765

    A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. We have already fixed the vulner... Read more

    Affected Products : quts_hero qts
    • Published: Aug. 12, 2024
    • Modified: Aug. 12, 2024

  • 4.2

    MEDIUM
    CVE-2022-27893

    The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.... Read more

    Affected Products : osisoft-pi-web-connector
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2023-20847

    In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt6983 mt8781 mt8188 mt8195 +1 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-46336

    Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may ... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2025-57821

    Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configur... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-23302

    NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-23301

    NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-6707

    Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to ... Read more

    Affected Products : mongodb
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2025-58460

    A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, c... Read more

    Affected Products : opentelemetry
    • Published: Sep. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2022-29127

    BitLocker Security Feature Bypass Vulnerability... Read more

    • Published: May. 10, 2022
    • Modified: Jan. 02, 2025

  • 4.2

    MEDIUM
    CVE-2024-12369

    A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization c... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Apr. 17, 2025

  • 4.2

    MEDIUM
    CVE-2024-54503

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.... Read more

    Affected Products : iphone_os ipados
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 4.2

    MEDIUM
    CVE-2021-37436

    Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor ma... Read more

    Affected Products : echo_dot_firmware echo_dot
    • Published: Jul. 24, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-31929

    A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions), IEC 1Ph 7.4k... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2020-2777

    Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to com... Read more

    Affected Products : hyperion_financial_management
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-26080

    A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to impro... Read more

    Affected Products : iot_field_network_director
    • Published: Nov. 18, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293618 Results