Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2021-23219

    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to... Read more

    • Published: Nov. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2017-9637

    Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection str... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2023-3072

    HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.... Read more

    Affected Products : nomad
    • Published: Jul. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2006-6509

    Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.... Read more

    Affected Products : sitekiosk
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2010-4415

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 4.1

    MEDIUM
    CVE-2021-2374

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Serve... Read more

    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2015-4874

    Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next... Read more

    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.1

    MEDIUM
    CVE-2007-0161

    The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifyi... Read more

    • Published: Jan. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.1

    MEDIUM
    CVE-2025-45582

    GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an ... Read more

    Affected Products : tar
    • Published: Jul. 11, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 4.1

    MEDIUM
    CVE-2025-29430

    Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/room.php via the id and rome parameters.... Read more

    • Published: Mar. 17, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2009-0900

    Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.... Read more

    Affected Products : websphere_mq
    • Published: Oct. 30, 2011
    • Modified: Apr. 11, 2025

  • 4.1

    MEDIUM
    CVE-2024-4029

    A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a m... Read more

    Affected Products : undertow
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2025-54558

    OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 4.1

    MEDIUM
    CVE-2025-4634

    The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Path Traversal

  • 4.1

    MEDIUM
    CVE-2023-53158

    The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more diffic... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2023-50786

    Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows ... Read more

    Affected Products : dradis
    • Published: Jul. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 4.1

    MEDIUM
    CVE-2020-8150

    A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.... Read more

    Affected Products : nextcloud_server
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2025-4573

    Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execut... Read more

    Affected Products : mattermost_server
    • Published: Jun. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2025-48470

    Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, o... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.1

    MEDIUM
    CVE-2025-30345

    An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML ent... Read more

    Affected Products : openslides
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 294837 Results