Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2023-0091

    A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.... Read more

    • Published: Jan. 13, 2023
    • Modified: Apr. 09, 2025

  • 3.8

    LOW
    CVE-2002-2202

    Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email.... Read more

    Affected Products : outlook_express
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.8

    LOW
    CVE-2025-8298

    Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU dr... Read more

    Affected Products : wi-fi_usb_driver rtl8811au
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2023-38420

    Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : macos power_gadget
    • Published: May. 16, 2024
    • Modified: Sep. 02, 2025

  • 3.8

    LOW
    CVE-2024-36349

    A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-36287

    Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.... Read more

    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-21988

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the ... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-16128

    The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.... Read more

    Affected Products : ubuntu_linux
    • Published: Dec. 09, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2010-2393

    Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC.... Read more

    Affected Products : solaris opensolaris
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.8

    LOW
    CVE-2023-42237

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2023-42239

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2024-31144

    For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata ... Read more

    Affected Products : xen
    • Published: Feb. 14, 2025
    • Modified: Apr. 26, 2025
    • Vuln Type: Misconfiguration

  • 3.8

    LOW
    CVE-2024-51324

    An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 3.8

    LOW
    CVE-2023-42241

    An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.... Read more

    Affected Products : visual_access_manager
    • Published: Jan. 13, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2020-11947

    iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.... Read more

    Affected Products : qemu
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2017-18384

    cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-22799

    A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric... Read more

    Affected Products : software_update
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-13523

    An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this... Read more

    Affected Products : ram_disk
    • Published: Aug. 04, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-25082

    An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.... Read more

    Affected Products : npct75x_firmware npct75x
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-20920

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris ex... Read more

    Affected Products : solaris solaris
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293675 Results