Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2024-55592

    An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all ver... Read more

    Affected Products : fortisiem
    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2002-2202

    Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email.... Read more

    Affected Products : outlook_express
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.8

    LOW
    CVE-2023-38420

    Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : macos power_gadget
    • Published: May. 16, 2024
    • Modified: Sep. 02, 2025

  • 3.8

    LOW
    CVE-2024-8160

    Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This fla... Read more

    Affected Products : axis_os
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 3.8

    LOW
    CVE-2025-25228

    A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.... Read more

    Affected Products : virtuemart
    • Published: Apr. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2018-20927

    cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2025-8298

    Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU dr... Read more

    Affected Products : wi-fi_usb_driver rtl8811au
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2023-21885

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the ... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-21889

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the ... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-36348

    A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2019-12068

    In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next op... Read more

    Affected Products : ubuntu_linux debian_linux leap qemu
    • Published: Sep. 24, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2017-7995

    Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project cons... Read more

    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 3.8

    LOW
    CVE-2024-29196

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web r... Read more

    Affected Products : phpmyfaq
    • Published: Mar. 26, 2024
    • Modified: Jan. 09, 2025

  • 3.8

    LOW
    CVE-2013-2140

    The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 25, 2013
    • Modified: Apr. 11, 2025

  • 3.8

    LOW
    CVE-2013-3792

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.... Read more

    Affected Products : vm_virtualbox
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.8

    LOW
    CVE-2024-39156

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.... Read more

    Affected Products : idccms idccms
    • Published: Jun. 27, 2024
    • Modified: Apr. 15, 2025

  • 3.8

    LOW
    CVE-2020-3951

    VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with vi... Read more

    Affected Products : workstation windows horizon_client
    • Published: Mar. 17, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2016-3158

    The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by lever... Read more

    Affected Products : fedora xen vm_server
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.8

    LOW
    CVE-2015-2651

    Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver.... Read more

    Affected Products : solaris
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.8

    LOW
    CVE-2019-2504

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to t... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293656 Results