Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2025-8013

    The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-lev... Read more

    Affected Products : quttera_web_malware_scanner
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.8

    LOW
    CVE-2016-3159

    The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by le... Read more

    Affected Products : fedora debian_linux xen vm_server
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.8

    LOW
    CVE-2020-16128

    The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.... Read more

    Affected Products : ubuntu_linux
    • Published: Dec. 09, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-6156

    Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.... Read more

    Affected Products : lxd
    • Published: Dec. 06, 2024
    • Modified: Aug. 26, 2025

  • 3.8

    LOW
    CVE-2023-42239

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-42241

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-42237

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2024-21247

    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker wi... Read more

    Affected Products : mysql mysql_cluster mysql_client
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 3.8

    LOW
    CVE-2023-38420

    Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : macos power_gadget
    • Published: May. 16, 2024
    • Modified: Sep. 02, 2025

  • 3.8

    LOW
    CVE-2023-42238

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-42242

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2018-2831

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to ... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-42235

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-42236

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2021-3592

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malic... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2022-23721

    PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.... Read more

    • Published: Apr. 25, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-8956

    Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.... Read more

    Affected Products : pulse_secure_desktop windows
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2017-7995

    Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project cons... Read more

    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 3.8

    LOW
    CVE-2025-22449

    Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2021-22799

    A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric... Read more

    Affected Products : software_update
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293639 Results