Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2013-6714

    The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of servi... Read more

    Affected Products : tivoli_storage_flashcopy_manager
    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2021-39648

    In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2021-39727

    In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User inter... Read more

    Affected Products : android
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-25656

    A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerabilit... Read more

    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-49822

    IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    • Published: Mar. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.1

    MEDIUM
    CVE-2025-27907

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other atta... Read more

    • Published: Apr. 22, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.1

    MEDIUM
    CVE-2025-8865

    The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in ... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Denial of Service

  • 4.1

    MEDIUM
    CVE-2018-0250

    A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect ac... Read more

    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-28922

    Secure Boot Security Feature Bypass Vulnerability... Read more

    • Published: Apr. 09, 2024
    • Modified: Jan. 08, 2025

  • 4.1

    MEDIUM
    CVE-2022-20032

    In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID: ALPS0... Read more

    Affected Products : android mt6781 mt6785 mt6833 mt6853 mt6853t mt6873 mt6877 mt6883 mt6885 +7 more products
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2021-47534

    In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Add missing drm_crtc_commit_put Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a global state for the HVS, with each FIFO sto... Read more

    Affected Products : linux_kernel
    • Published: May. 24, 2024
    • Modified: Apr. 01, 2025

  • 4.1

    MEDIUM
    CVE-2025-31326

    SAP�BusinessObjects Business�Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipula... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2025-48710

    kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and r... Read more

    Affected Products :
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 4.1

    MEDIUM
    CVE-2021-22300

    There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process acce... Read more

    Affected Products : ecns280_td_firmware ecns280_td
    • Published: Feb. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-42156

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Dec. 09, 2024

  • 4.1

    MEDIUM
    CVE-2024-42158

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity fo... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-15141

    In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.... Read more

    Affected Products : openapi-python-client
    • Published: Aug. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2022-21611

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Serve... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2025-30015

    Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output v... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2025-2048

    The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server... Read more

    Affected Products : lana_downloads_manager
    • Published: Apr. 01, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293947 Results