Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2025-27027

    A user with vpuser credentials that opens an SSH connection to the device, gets a restricted shell rbash that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restric... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 4.1

    MEDIUM
    CVE-2016-0668

    Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.... Read more

    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2020-25656

    A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerabilit... Read more

    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2022-20805

    A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to ... Read more

    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-8179

    Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.... Read more

    Affected Products : deck
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-2527

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege wit... Read more

    Affected Products : database database_server
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-2978

    Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role accou... Read more

    Affected Products : database
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-30146

    Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authorization

  • 4.1

    MEDIUM
    CVE-2008-1628

    Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third par... Read more

    Affected Products : audit
    • Published: Apr. 02, 2008
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2019-14825

    A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credenti... Read more

    Affected Products : katello subscription_asset_manager
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-50786

    Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows ... Read more

    Affected Products : dradis
    • Published: Jul. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 4.1

    MEDIUM
    CVE-2021-2374

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Serve... Read more

    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2025-53906

    Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires di... Read more

    Affected Products : vim
    • Published: Jul. 15, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 4.1

    MEDIUM
    CVE-2024-1544

    Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by d... Read more

    Affected Products : wolfssl
    • Published: Aug. 27, 2024
    • Modified: Aug. 28, 2024

  • 4.1

    MEDIUM
    CVE-2006-6509

    Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.... Read more

    Affected Products : sitekiosk
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2024-26652

    In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_rele... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2024
    • Modified: Apr. 08, 2025

  • 4.1

    MEDIUM
    CVE-2025-4634

    The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Path Traversal

  • 4.1

    MEDIUM
    CVE-2023-53158

    The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more diffic... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2025-49599

    Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Misconfiguration

  • 4.1

    MEDIUM
    CVE-2024-10638

    The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    • Published: Mar. 25, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection
Showing 20 of 294070 Results