Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2024-42158

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity fo... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-42156

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2024
    • Modified: Dec. 09, 2024

  • 4.1

    MEDIUM
    CVE-2014-4203

    Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Property Edit... Read more

    Affected Products : hyperion
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2024-32028

    OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoin... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-52514

    Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwa... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 4.1

    MEDIUM
    CVE-2025-31326

    SAP�BusinessObjects Business�Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipula... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2021-39727

    In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User inter... Read more

    Affected Products : android
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-52862

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initi... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 02, 2025

  • 4.1

    MEDIUM
    CVE-2016-8017

    Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 4.1

    MEDIUM
    CVE-2016-8313

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows... Read more

    Affected Products : flexcube_private_banking
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.1

    MEDIUM
    CVE-2020-25656

    A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerabilit... Read more

    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2025-30015

    Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output v... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2025-32019

    Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be ex... Read more

    Affected Products : harbor
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2025-32358

    In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automat... Read more

    Affected Products : zammad
    • Published: Apr. 05, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.1

    MEDIUM
    CVE-2020-2978

    Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role accou... Read more

    Affected Products : database
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2024-29435

    An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.... Read more

    Affected Products : alldata
    • Published: Apr. 01, 2024
    • Modified: May. 07, 2025

  • 4.1

    MEDIUM
    CVE-2020-2527

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege wit... Read more

    Affected Products : database database_server
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2016-7094

    Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.... Read more

    Affected Products : xen
    • Published: Sep. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2024-49822

    IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    • Published: Mar. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.1

    MEDIUM
    CVE-2025-6838

    The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above,... Read more

    Affected Products : broken_link_notifier
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
Showing 20 of 294421 Results