Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2021-26377

    Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service.... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Denial of Service

  • 4.1

    MEDIUM
    CVE-2025-23185

    Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access ... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.1

    MEDIUM
    CVE-2025-8449

    CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 4.1

    MEDIUM
    CVE-2023-5342

    The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Misconfiguration

  • 4.1

    MEDIUM
    CVE-2023-46840

    Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. ... Read more

    Affected Products : xen
    • Published: Mar. 20, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-8561

    A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that use... Read more

    Affected Products : kubernetes
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2025-54558

    OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 4.1

    MEDIUM
    CVE-2023-50786

    Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows ... Read more

    Affected Products : dradis
    • Published: Jul. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 4.1

    MEDIUM
    CVE-2024-2728

    Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.... Read more

    Affected Products :
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2013-6205

    Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows local users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.... Read more

    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2020-29135

    cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).... Read more

    Affected Products : cpanel
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2006-6662

    Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.... Read more

    • Published: Dec. 20, 2006
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2022-48451

    In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-0199

    In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitatio... Read more

    Affected Products : android
    • Published: Jun. 11, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2018-2773

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attack... Read more

    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2018-13404

    The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from vers... Read more

    Affected Products : jira jira_server
    • Published: Feb. 13, 2019
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-20750

    In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780... Read more

    Affected Products : android mt6835 mt6886 mt6985 mt8791t mt8797 mt6983 mt8321 mt8673 mt8765 +13 more products
    • Published: Jun. 06, 2023
    • Modified: Jan. 07, 2025

  • 4.1

    MEDIUM
    CVE-2020-3502

    Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of paramet... Read more

    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-52935

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Memory Corruption

  • 4.1

    MEDIUM
    CVE-2020-26080

    A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to impro... Read more

    Affected Products : iot_field_network_director
    • Published: Nov. 18, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293507 Results