Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2021-3595

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issu... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-53502

    Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page.... Read more

    Affected Products : semcms
    • Published: Dec. 03, 2024
    • Modified: Apr. 04, 2025

  • 3.8

    LOW
    CVE-2022-21488

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-3594

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-13308

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2.... Read more

    • Published: Jan. 09, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2025-58827

    Improper Control of Generation of Code ('Code Injection') vulnerability in PickPlugins Job Board Manager allows Code Injection. This issue affects Job Board Manager: from n/a through 2.1.61.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2016-3158

    The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by lever... Read more

    Affected Products : fedora xen vm_server
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.8

    LOW
    CVE-2022-33747

    Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation... Read more

    Affected Products : fedora debian_linux xen
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2018-20927

    cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-30142

    HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.... Read more

    Affected Products : bigfix_compliance
    • Published: Nov. 07, 2024
    • Modified: Jun. 17, 2025

  • 3.8

    LOW
    CVE-2024-5445

    Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Jan. 07, 2025

  • 3.8

    LOW
    CVE-2025-8298

    Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU dr... Read more

    Affected Products : wi-fi_usb_driver rtl8811au
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2025-32971

    XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr scr... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 3.8

    LOW
    CVE-2022-22450

    IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.... Read more

    • Published: Jul. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-26592

    Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access.... Read more

    Affected Products : thunderbolt_dch_driver
    • Published: Feb. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-29062

    The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-27303

    Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : thunderbolt_dch_driver
    • Published: Feb. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2022-24886

    Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Cont... Read more

    Affected Products : nextcloud_server nextcloud notes
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2025-32026

    Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get ... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025

  • 3.8

    LOW
    CVE-2023-2434

    The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permi... Read more

    Affected Products : nested_pages
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293609 Results