Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.9

    LOW
    CVE-2024-32667

    Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 3.9

    LOW
    CVE-2023-40732

    A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.... Read more

    Affected Products : qms_automotive
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2010-2393

    Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC.... Read more

    Affected Products : solaris opensolaris
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.8

    LOW
    CVE-2017-18384

    cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-5445

    Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Jan. 07, 2025

  • 3.8

    LOW
    CVE-2025-8298

    Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU dr... Read more

    Affected Products : wi-fi_usb_driver rtl8811au
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2023-29062

    The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-26625

    A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.... Read more

    Affected Products : gila_cms
    • Published: Jan. 02, 2024
    • Modified: May. 16, 2025

  • 3.8

    LOW
    CVE-2024-3076

    The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : mm-email2image
    • Published: Apr. 26, 2024
    • Modified: Jun. 10, 2025

  • 3.8

    LOW
    CVE-2025-6217

    PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtai... Read more

    Affected Products : device_driver
    • Published: Jun. 21, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-34203

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.... Read more

    Affected Products : cp450_firmware cp450
    • Published: May. 14, 2024
    • Modified: Apr. 03, 2025

  • 3.8

    LOW
    CVE-2024-2972

    The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin t... Read more

    Affected Products : floating_chat_widget
    • Published: Apr. 24, 2024
    • Modified: May. 08, 2025

  • 3.8

    LOW
    CVE-2024-45599

    Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly b... Read more

    Affected Products : cursor
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 3.8

    LOW
    CVE-2024-39324

    aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed... Read more

    Affected Products : ai-admin-graphql
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-38660

    Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 3.8

    LOW
    CVE-2022-24886

    Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Cont... Read more

    Affected Products : nextcloud_server nextcloud notes
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2019-2501

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to t... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-52584

    In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove, spmi_controller will be freed first, an... Read more

    Affected Products : linux_kernel
    • Published: Mar. 06, 2024
    • Modified: Mar. 14, 2025

  • 3.8

    LOW
    CVE-2022-21487

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-31144

    For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata ... Read more

    Affected Products : xen
    • Published: Feb. 14, 2025
    • Modified: Apr. 26, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293357 Results