Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2025-6197

    An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the o... Read more

    Affected Products : grafana
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2022-41849

    drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconn... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Sep. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-25081

    Splinefont in FontForge through 20230101 allows command injection via crafted filenames.... Read more

    Affected Products : fedora debian_linux fontforge
    • Published: Feb. 26, 2024
    • Modified: Apr. 23, 2025

  • 4.2

    MEDIUM
    CVE-2024-45678

    Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is pre... Read more

    • Published: Sep. 03, 2024
    • Modified: Mar. 17, 2025

  • 4.2

    MEDIUM
    CVE-2024-10978

    Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The pro... Read more

    Affected Products : debian_linux postgresql
    • Published: Nov. 14, 2024
    • Modified: Feb. 20, 2025

  • 4.2

    MEDIUM
    CVE-2025-1540

    An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone inter... Read more

    Affected Products : gitlab
    • Published: Mar. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2022-21930

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2023-24605

    OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.... Read more

    Affected Products : ox_app_suite
    • Published: May. 29, 2023
    • Modified: Jan. 14, 2025

  • 4.2

    MEDIUM
    CVE-2025-6088

    In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-s... Read more

    Affected Products : librechat
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2024-26023

    OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 30, 2025

  • 4.2

    MEDIUM
    CVE-2024-2365

    A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. Th... Read more

    Affected Products : musicshelf
    • Published: Mar. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2023-20839

    In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt2713 mt6983 mt8673 mt8188 +2 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2019-2959

    Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP ... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-0663

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an at... Read more

    Affected Products : edge windows_10 windows_server_2019
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2021-43017

    Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of se... Read more

    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-24363

    The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise se... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.2

    MEDIUM
    CVE-2019-2861

    Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to com... Read more

    Affected Products : hyperion_planning
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-21210

    Windows BitLocker Information Disclosure Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Information Disclosure

  • 4.2

    MEDIUM
    CVE-2025-21214

    Windows BitLocker Information Disclosure Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Information Disclosure

  • 4.2

    MEDIUM
    CVE-2025-55013

    The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the se... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Path Traversal
Showing 20 of 294273 Results