Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2024-45599

    Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly b... Read more

    Affected Products : cursor
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 3.8

    LOW
    CVE-2024-39324

    aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed... Read more

    Affected Products : ai-admin-graphql
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-4304

    Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0. ... Read more

    Affected Products : froxlor
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2014-1420

    On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink at... Read more

    Affected Products : ubuntu-ui-toolkit
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-41044

    Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle featu... Read more

    Affected Products : graylog
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2019-0162

    Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : -
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2022-22450

    IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.... Read more

    • Published: Jul. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-26624

    A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.... Read more

    Affected Products : gila_cms
    • Published: Jan. 02, 2024
    • Modified: Jun. 17, 2025

  • 3.8

    LOW
    CVE-2020-26623

    SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.... Read more

    Affected Products : gila_cms
    • Published: Jan. 02, 2024
    • Modified: Jun. 03, 2025

  • 3.8

    LOW
    CVE-2019-2505

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to t... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-13523

    An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this... Read more

    Affected Products : ram_disk
    • Published: Aug. 04, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-3970

    VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionali... Read more

    Affected Products : workstation esxi fusion cloud_foundation
    • Published: Jun. 25, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2022-21487

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2013-2140

    The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 25, 2013
    • Modified: Apr. 11, 2025

  • 3.8

    LOW
    CVE-2020-8956

    Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.... Read more

    Affected Products : pulse_secure_desktop windows
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2013-6219

    Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors.... Read more

    Affected Products : hp-ux hp-ux_whitelisting
    • Published: Apr. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.8

    LOW
    CVE-2021-3595

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issu... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2025-22449

    Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2025-24388

    A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow parameter injection due to for an autheniticated agent or admin user. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X ... Read more

    Affected Products : otrs
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2016-3158

    The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by lever... Read more

    Affected Products : fedora xen vm_server
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293437 Results