Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2023-20839

    In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID... Read more

    Affected Products : android linux_kernel yocto iot_yocto mt6895 mt6897 mt2713 mt6983 mt8673 mt8188 +2 more products
    • Published: Sep. 04, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2015-7269

    Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, ... Read more

    Affected Products : st500lt015_firmware st500lt015
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2025-1540

    An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone inter... Read more

    Affected Products : gitlab
    • Published: Mar. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2022-21930

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2019-2959

    Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP ... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2019-2787

    Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automount). Supported versions that are affected are 11.4 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via ... Read more

    Affected Products : solaris solaris
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2023-42757

    Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. This can occur throug... Read more

    Affected Products :
    • Published: May. 07, 2024
    • Modified: Mar. 26, 2025

  • 4.2

    MEDIUM
    CVE-2025-55013

    The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the se... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Path Traversal

  • 4.2

    MEDIUM
    CVE-2025-6088

    In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-s... Read more

    Affected Products : librechat
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2023-24605

    OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.... Read more

    Affected Products : ox_app_suite
    • Published: May. 29, 2023
    • Modified: Jan. 14, 2025

  • 4.2

    MEDIUM
    CVE-2024-5891

    A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authe... Read more

    Affected Products : quay
    • Published: Jun. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-23461

    An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4. ... Read more

    Affected Products : client_connector
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-32877

    Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3)... Read more

    Affected Products : yii
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-45678

    Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is pre... Read more

    • Published: Sep. 03, 2024
    • Modified: Mar. 17, 2025

  • 4.2

    MEDIUM
    CVE-2017-8754

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specia... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2022-3244

    The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce... Read more

    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.2

    MEDIUM
    CVE-2017-3509

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthentic... Read more

    Affected Products : jdk jre
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2024-48929

    Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and ... Read more

    Affected Products : umbraco_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 4.1

    MEDIUM
    CVE-2017-10268

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privile... Read more

    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.1

    MEDIUM
    CVE-2016-5464

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-... Read more

    Affected Products : siebel_ui_framework siebel_crm
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 294528 Results