Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2024-52935

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Memory Corruption

  • 4.1

    MEDIUM
    CVE-2025-30345

    An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML ent... Read more

    Affected Products : openslides
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2007-0161

    The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifyi... Read more

    • Published: Jan. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2006-6509

    Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.... Read more

    Affected Products : sitekiosk
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2006-6753

    Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long str... Read more

    Affected Products : windows_event_viewer
    • Published: Dec. 27, 2006
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2018-2773

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attack... Read more

    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-42229

    In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no lo... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2025-49599

    Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Misconfiguration

  • 4.1

    MEDIUM
    CVE-2010-4415

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 4.1

    MEDIUM
    CVE-2020-7303

    Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.... Read more

    Affected Products : data_loss_prevention
    • Published: Aug. 13, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-4640

    Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logg... Read more

    Affected Products : api_connect
    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-32028

    OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoin... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-41849

    Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of ... Read more

    • Published: Aug. 23, 2024
    • Modified: Aug. 26, 2024

  • 4.1

    MEDIUM
    CVE-2024-42158

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity fo... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-42156

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Dec. 09, 2024

  • 4.1

    MEDIUM
    CVE-2016-8017

    Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 4.1

    MEDIUM
    CVE-2016-5559

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.... Read more

    Affected Products : solaris
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2024-37180

    Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensit... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2025-20285

    A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address. This vulnerability is d... Read more

    • Published: Jul. 16, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 4.1

    MEDIUM
    CVE-2025-1986

    The Gutentor WordPress plugin before 3.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : gutentor
    • Published: Apr. 01, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
Showing 20 of 293620 Results