Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2019-14825

    A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credenti... Read more

    Affected Products : katello subscription_asset_manager
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-3502

    Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of paramet... Read more

    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2025-30345

    An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML ent... Read more

    Affected Products : openslides
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2023-6120

    The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary loca... Read more

    • Published: Dec. 09, 2023
    • Modified: Feb. 20, 2025

  • 4.1

    MEDIUM
    CVE-2024-32078

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212. ... Read more

    Affected Products : fv_flowplayer_video_player
    • Published: Apr. 24, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-54159

    stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack.... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Dec. 03, 2024

  • 4.1

    MEDIUM
    CVE-2024-37663

    Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.... Read more

    • Published: Jun. 17, 2024
    • Modified: Jul. 09, 2025

  • 4.1

    MEDIUM
    CVE-2024-41849

    Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of ... Read more

    • Published: Aug. 23, 2024
    • Modified: Aug. 26, 2024

  • 4.1

    MEDIUM
    CVE-2024-52514

    Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwa... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 4.1

    MEDIUM
    CVE-2022-48451

    In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2015-4960

    IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.... Read more

    Affected Products : infosphere_master_data_management
    • Published: Jan. 17, 2016
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2025-27907

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other atta... Read more

    • Published: Apr. 22, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.1

    MEDIUM
    CVE-2024-51111

    Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.... Read more

    Affected Products : pnetlab
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2021-26377

    Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service.... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Denial of Service

  • 4.1

    MEDIUM
    CVE-2021-2257

    Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows high privileged attacker... Read more

    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-6948

    A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check... Read more

    Affected Products :
    • Published: Apr. 02, 2024
    • Modified: Mar. 04, 2025

  • 4.1

    MEDIUM
    CVE-2021-39792

    In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2022-20805

    A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to ... Read more

    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-24774

    Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to al... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-41290

    A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vu... Read more

    Affected Products :
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293623 Results