Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2024-4028

    A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2024-29196

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web r... Read more

    Affected Products : phpmyfaq
    • Published: Mar. 26, 2024
    • Modified: Jan. 09, 2025

  • 3.8

    LOW
    CVE-2024-36348

    A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2020-3951

    VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with vi... Read more

    Affected Products : workstation windows horizon_client
    • Published: Mar. 17, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-32314

    Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.... Read more

    Affected Products : ac500_firmware ac500
    • Published: Apr. 17, 2024
    • Modified: Mar. 17, 2025

  • 3.8

    LOW
    CVE-2013-6219

    Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors.... Read more

    Affected Products : hp-ux hp-ux_whitelisting
    • Published: Apr. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.8

    LOW
    CVE-2024-21247

    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker wi... Read more

    Affected Products : mysql mysql_cluster mysql_client
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 3.8

    LOW
    CVE-2013-1530

    Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.8

    LOW
    CVE-2024-8612

    A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which... Read more

    Affected Products :
    • Published: Sep. 20, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-21885

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the ... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-21889

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the ... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-2434

    The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permi... Read more

    Affected Products : nested_pages
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-0628

    The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level ac... Read more

    Affected Products : wp_rss_aggregator
    • Published: Feb. 07, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-27303

    Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : thunderbolt_dch_driver
    • Published: Feb. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-26625

    A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.... Read more

    Affected Products : gila_cms
    • Published: Jan. 02, 2024
    • Modified: May. 16, 2025

  • 3.8

    LOW
    CVE-2023-26592

    Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access.... Read more

    Affected Products : thunderbolt_dch_driver
    • Published: Feb. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-29062

    The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-56321

    GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's... Read more

    Affected Products : gocd
    • Published: Jan. 03, 2025
    • Modified: Aug. 01, 2025

  • 3.8

    LOW
    CVE-2025-8298

    Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU dr... Read more

    Affected Products : wi-fi_usb_driver rtl8811au
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2023-42242

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection
Showing 20 of 293360 Results