Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2024-28922

    Secure Boot Security Feature Bypass Vulnerability... Read more

    • Published: Apr. 09, 2024
    • Modified: Jan. 08, 2025

  • 4.1

    MEDIUM
    CVE-2018-0250

    A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect ac... Read more

    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2014-0872

    The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.... Read more

    Affected Products : security_key_lifecycle_manager
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2016-7094

    Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.... Read more

    Affected Products : xen
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2010-0306

    The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of s... Read more

    Affected Products : kvm
    • Published: Feb. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.1

    MEDIUM
    CVE-2024-37663

    Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.... Read more

    • Published: Jun. 17, 2024
    • Modified: Jul. 09, 2025

  • 4.1

    MEDIUM
    CVE-2019-2535

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure whe... Read more

    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2014-4203

    Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Property Edit... Read more

    Affected Products : hyperion
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2023-52862

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initi... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 02, 2025

  • 4.1

    MEDIUM
    CVE-2024-31843

    An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.... Read more

    Affected Products : embrace
    • Published: May. 23, 2024
    • Modified: May. 21, 2025

  • 4.1

    MEDIUM
    CVE-2023-6120

    The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary loca... Read more

    • Published: Dec. 09, 2023
    • Modified: Feb. 20, 2025

  • 4.1

    MEDIUM
    CVE-2024-21180

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with ne... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-52935

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Memory Corruption

  • 4.1

    MEDIUM
    CVE-2020-8150

    A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.... Read more

    Affected Products : nextcloud_server
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2021-2257

    Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows high privileged attacker... Read more

    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-6948

    A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check... Read more

    Affected Products :
    • Published: Apr. 02, 2024
    • Modified: Mar. 04, 2025

  • 4.1

    MEDIUM
    CVE-2025-4573

    Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execut... Read more

    Affected Products : mattermost_server
    • Published: Jun. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2022-48451

    In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2022-26888

    Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : quartus_prime
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-20750

    In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780... Read more

    Affected Products : android mt6835 mt6886 mt6985 mt8791t mt8797 mt6983 mt8321 mt8673 mt8765 +13 more products
    • Published: Jun. 06, 2023
    • Modified: Jan. 07, 2025
Showing 20 of 293559 Results