Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2024-12109

    The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    • Published: Mar. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2014-4274

    Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.... Read more

    Affected Products : mysql mariadb solaris
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2022-1974

    A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2006-7108

    login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt a... Read more

    Affected Products : util-linux
    • Published: Mar. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2024-4029

    A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a m... Read more

    Affected Products : undertow
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2007-1345

    Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password res... Read more

    Affected Products : etrust_admin etrust_admin
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2007-0161

    The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifyi... Read more

    • Published: Jan. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2023-46840

    Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. ... Read more

    Affected Products : xen
    • Published: Mar. 20, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2006-6753

    Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long str... Read more

    Affected Products : windows_event_viewer
    • Published: Dec. 27, 2006
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2019-14825

    A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credenti... Read more

    Affected Products : katello subscription_asset_manager
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-3072

    HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.... Read more

    Affected Products : nomad
    • Published: Jul. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-7303

    Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.... Read more

    Affected Products : data_loss_prevention
    • Published: Aug. 13, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2021-33596

    Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly ... Read more

    Affected Products : safe
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-45716

    Sametime is impacted by sensitive information passed in URL. ... Read more

    Affected Products : sametime
    • Published: Feb. 09, 2024
    • Modified: Jun. 03, 2025

  • 4.1

    MEDIUM
    CVE-2024-24742

    SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site S... Read more

    Affected Products : crm_-_webclient_ui
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-20750

    In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780... Read more

    Affected Products : android mt6835 mt6886 mt6985 mt8791t mt8797 mt6983 mt8321 mt8673 mt8765 +13 more products
    • Published: Jun. 06, 2023
    • Modified: Jan. 07, 2025

  • 4.1

    MEDIUM
    CVE-2024-21180

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with ne... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2022-24929

    Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.... Read more

    Affected Products : android dex
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2016-1490

    The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.... Read more

    Affected Products : shareit
    • Published: Jan. 26, 2016
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2021-1221

    A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input vali... Read more

    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293412 Results