Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2025-22834

    AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity,... Read more

    Affected Products : aptio_v
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-46675

    In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.... Read more

    Affected Products : cryptolib
    • Published: Apr. 27, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cryptography

  • 4.2

    MEDIUM
    CVE-2024-29888

    Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its addr... Read more

    Affected Products : saleor
    • Published: Mar. 27, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-7501

    The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This... Read more

    Affected Products :
    • Published: Aug. 16, 2024
    • Modified: Aug. 19, 2024

  • 4.2

    MEDIUM
    CVE-2022-21555

    Vulnerability in the MySQL Shell for VS Code product of Oracle MySQL (component: Shell: GUI). Supported versions that are affected are 1.1.8 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where... Read more

    Affected Products : mysql mysql_server mysql_shell
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-2777

    Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to com... Read more

    Affected Products : hyperion_financial_management
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-31965

    A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversa... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-41597

    Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.... Read more

    Affected Products : processwire
    • Published: Jul. 19, 2024
    • Modified: Jul. 09, 2025

  • 4.2

    MEDIUM
    CVE-2024-34398

    An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2025-53073

    In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not trea... Read more

    Affected Products : sentry
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2024-39081

    An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.... Read more

    Affected Products : smart_tyre_car_\&_bike
    • Published: Sep. 18, 2024
    • Modified: Mar. 17, 2025

  • 4.2

    MEDIUM
    CVE-2022-3244

    The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce... Read more

    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.2

    MEDIUM
    CVE-2021-40041

    There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Su... Read more

    Affected Products : ws318n-21_firmware ws318n-21
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-27413

    An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.... Read more

    Affected Products : mahavitaran
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2023-20839

    In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt2713 mt6983 mt8673 mt8188 +2 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2023-20846

    In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Iss... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt6983 mt8781 mt8188 mt8195 +1 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-9690

    Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.... Read more

    Affected Products : magento
    • Published: Jul. 29, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2022-20541

    In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: And... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025

  • 4.2

    MEDIUM
    CVE-2023-20843

    In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Iss... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt6983 mt8781 mt8188 mt8195 +1 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2019-2861

    Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to com... Read more

    Affected Products : hyperion_planning
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294328 Results