Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2025-8449

    CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 4.1

    MEDIUM
    CVE-2025-52357

    Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. Th... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2023-5342

    The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Misconfiguration

  • 4.1

    MEDIUM
    CVE-2025-29430

    Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/room.php via the id and rome parameters.... Read more

    • Published: Mar. 17, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2025-45582

    GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an ... Read more

    Affected Products : tar
    • Published: Jul. 11, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 4.1

    MEDIUM
    CVE-2024-38903

    H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.... Read more

    Affected Products : magic_r230_firmware magic_r230
    • Published: Jun. 24, 2024
    • Modified: May. 27, 2025

  • 4.1

    MEDIUM
    CVE-2024-34664

    Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.... Read more

    Affected Products : android
    • Published: Oct. 08, 2024
    • Modified: Jul. 17, 2025

  • 4.1

    MEDIUM
    CVE-2007-1226

    McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.... Read more

    Affected Products : virex
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2023-6120

    The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary loca... Read more

    • Published: Dec. 09, 2023
    • Modified: Feb. 20, 2025

  • 4.1

    MEDIUM
    CVE-2018-2773

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attack... Read more

    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2018-13404

    The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from vers... Read more

    Affected Products : jira jira_server
    • Published: Feb. 13, 2019
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-8150

    A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.... Read more

    Affected Products : nextcloud_server
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2013-6205

    Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows local users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.... Read more

    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2010-4415

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 4.1

    MEDIUM
    CVE-2024-42229

    In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no lo... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2016-5463

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-... Read more

    Affected Products : siebel_ui_framework knowledge
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2024-31991

    Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregar... Read more

    Affected Products : mealie mealie
    • Published: Apr. 19, 2024
    • Modified: Mar. 07, 2025

  • 4.1

    MEDIUM
    CVE-2023-44384

    Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_... Read more

    Affected Products : discourse_jira
    • Published: Oct. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-20750

    In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780... Read more

    Affected Products : android mt6835 mt6886 mt6985 mt8791t mt8797 mt6983 mt8321 mt8673 mt8765 +13 more products
    • Published: Jun. 06, 2023
    • Modified: Jan. 07, 2025

  • 4.1

    MEDIUM
    CVE-2022-1974

    A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293621 Results