Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2022-26888

    Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : quartus_prime
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-24742

    SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site S... Read more

    Affected Products : crm_-_webclient_ui
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-9828

    The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks... Read more

    Affected Products : taskbuilder
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025

  • 4.1

    MEDIUM
    CVE-2021-44166

    An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, ev... Read more

    Affected Products : fortitoken_mobile
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-21583

    Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/g... Read more

    Affected Products :
    • Published: Jul. 19, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-38903

    H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.... Read more

    Affected Products : magic_r230_firmware magic_r230
    • Published: Jun. 24, 2024
    • Modified: May. 27, 2025

  • 4.1

    MEDIUM
    CVE-2025-48470

    Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, o... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2020-26080

    A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to impro... Read more

    Affected Products : iot_field_network_director
    • Published: Nov. 18, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-2728

    Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.... Read more

    Affected Products :
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-52720

    Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: May. 14, 2024
    • Modified: Dec. 09, 2024

  • 4.1

    MEDIUM
    CVE-2009-3405

    Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.1.4 allows remote authenticated users to affect integrity and availability via unknown vectors.... Read more

    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2024-42229

    In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no lo... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-52935

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Memory Corruption

  • 4.1

    MEDIUM
    CVE-2025-30345

    An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML ent... Read more

    Affected Products : openslides
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2020-8150

    A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.... Read more

    Affected Products : nextcloud_server
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-10638

    The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    • Published: Mar. 25, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2010-4415

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 4.1

    MEDIUM
    CVE-2009-5152

    Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation statu... Read more

    Affected Products : computrace_agent
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2021-2374

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Serve... Read more

    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-13176

    Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an at... Read more

    Affected Products : openssl
    • Published: Jan. 20, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Cryptography
Showing 20 of 294070 Results