Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2024-32877

    Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3)... Read more

    Affected Products : yii
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-2365

    A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. Th... Read more

    Affected Products : musicshelf
    • Published: Mar. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-23461

    An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4. ... Read more

    Affected Products : client_connector
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2023-21462

    The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.16.20 in Android 13 allows to local attacker to access MAC address without related permission.... Read more

    Affected Products : android quick_share
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-54650

    Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function.... Read more

    Affected Products : harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 4.2

    MEDIUM
    CVE-2024-31965

    A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversa... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-41597

    Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.... Read more

    Affected Products : processwire
    • Published: Jul. 19, 2024
    • Modified: Jul. 09, 2025

  • 4.2

    MEDIUM
    CVE-2024-48929

    Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and ... Read more

    Affected Products : umbraco_cms
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 4.2

    MEDIUM
    CVE-2023-22016

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to th... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-32963

    Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The att... Read more

    Affected Products : navidrome
    • Published: May. 01, 2024
    • Modified: Aug. 26, 2025

  • 4.2

    MEDIUM
    CVE-2017-13675

    A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specif... Read more

    Affected Products : endpoint_encryption
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 4.2

    MEDIUM
    CVE-2021-43221

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2024-21213

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 4.2

    MEDIUM
    CVE-2024-28162

    In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching f... Read more

    Affected Products : delphix
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 4.2

    MEDIUM
    CVE-2020-14772

    Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP... Read more

    Affected Products : hyperion_lifecycle_management
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2023-23920

    An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.... Read more

    Affected Products : debian_linux node.js
    • Published: Feb. 23, 2023
    • Modified: Mar. 17, 2025

  • 4.2

    MEDIUM
    CVE-2022-46174

    efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a lo... Read more

    • Published: Dec. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2020-14767

    Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple proto... Read more

    Affected Products : hyperion_bi\+ hyperion_workspace
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2025-26603

    Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ... Read more

    Affected Products : vim hci_compute_node
    • Published: Feb. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 4.2

    MEDIUM
    CVE-2022-39910

    Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.... Read more

    Affected Products : pass
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294740 Results