Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2019-2506

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to t... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2025-5715

    A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. I... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 3.8

    LOW
    CVE-2022-21487

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-13523

    An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this... Read more

    Affected Products : ram_disk
    • Published: Aug. 04, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-12829

    In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this f... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-5470

    An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.... Read more

    Affected Products : gitlab
    • Published: Jul. 11, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2022-21295

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-22799

    A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric... Read more

    Affected Products : software_update
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-6219

    Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.... Read more

    Affected Products : lxd
    • Published: Dec. 06, 2024
    • Modified: Aug. 28, 2025

  • 3.8

    LOW
    CVE-2025-0914

    An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configu... Read more

    Affected Products : velociraptor
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2025-46094

    LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.... Read more

    Affected Products : liquidfiles
    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal

  • 3.8

    LOW
    CVE-2021-3595

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issu... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2017-7995

    Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project cons... Read more

    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 3.8

    LOW
    CVE-2015-2651

    Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver.... Read more

    Affected Products : solaris
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.8

    LOW
    CVE-2024-36348

    A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-0173

    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.... Read more

    • Published: Mar. 13, 2024
    • Modified: Jan. 31, 2025

  • 3.8

    LOW
    CVE-2024-0154

    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.... Read more

    • Published: Mar. 13, 2024
    • Modified: Jan. 31, 2025

  • 3.8

    LOW
    CVE-2018-15532

    SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.... Read more

    Affected Products : synaptics_touchpad_driver
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2017-4896

    Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.... Read more

    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 3.8

    LOW
    CVE-2024-3628

    The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : easyevent
    • Published: May. 07, 2024
    • Modified: May. 09, 2025
Showing 20 of 293605 Results