Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2018-2800

    Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with net... Read more

    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-25081

    Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2025-24856

    An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements ... Read more

    Affected Products :
    • Published: Mar. 16, 2025
    • Modified: Mar. 16, 2025
    • Vuln Type: Authentication

  • 4.2

    MEDIUM
    CVE-2024-47822

    Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the ... Read more

    Affected Products : directus
    • Published: Oct. 08, 2024
    • Modified: Apr. 14, 2025

  • 4.2

    MEDIUM
    CVE-2024-48929

    Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and ... Read more

    Affected Products : umbraco_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 4.2

    MEDIUM
    CVE-2017-3509

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthentic... Read more

    Affected Products : jdk jre
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2017-0135

    Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2... Read more

    Affected Products : edge
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2023-20847

    In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt6983 mt8781 mt8188 mt8195 +1 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2019-11360

    A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.... Read more

    Affected Products : iptables
    • Published: Jul. 12, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-13464

    The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module.... Read more

    Affected Products : cks32f103_firmware cks32f103
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-21808

    Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 4.2

    MEDIUM
    CVE-2024-21213

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 4.2

    MEDIUM
    CVE-2020-14767

    Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple proto... Read more

    Affected Products : hyperion_bi\+ hyperion_workspace
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-14772

    Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP... Read more

    Affected Products : hyperion_lifecycle_management
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-13882

    CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker ca... Read more

    Affected Products : fedora lynis
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-29888

    Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its addr... Read more

    Affected Products : saleor
    • Published: Mar. 27, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-4787

    IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading ... Read more

    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2021-3047

    A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a lon... Read more

    Affected Products : pan-os
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-57967

    PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.... Read more

    Affected Products : privileged_access_manager
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2024-34398

    An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 294209 Results