Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.8

    LOW
    CVE-2024-21000

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with net... Read more

    • Published: Apr. 16, 2024
    • Modified: Nov. 27, 2024

  • 3.8

    LOW
    CVE-2017-7995

    Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project cons... Read more

    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 3.8

    LOW
    CVE-2024-20920

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris ex... Read more

    Affected Products : solaris solaris
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 3.8

    LOW
    CVE-2019-12068

    In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next op... Read more

    Affected Products : ubuntu_linux debian_linux leap qemu
    • Published: Sep. 24, 2019
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2021-3593

    An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issu... Read more

    • Published: Jun. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-29196

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web r... Read more

    Affected Products : phpmyfaq
    • Published: Mar. 26, 2024
    • Modified: Jan. 09, 2025

  • 3.8

    LOW
    CVE-2020-3951

    VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with vi... Read more

    Affected Products : workstation windows horizon_client
    • Published: Mar. 17, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-36348

    A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-39156

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.... Read more

    Affected Products : idccms idccms
    • Published: Jun. 27, 2024
    • Modified: Apr. 15, 2025

  • 3.8

    LOW
    CVE-2020-6197

    SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.... Read more

    Affected Products : enable_now
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2020-25082

    An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.... Read more

    Affected Products : npct75x_firmware npct75x
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-6219

    Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.... Read more

    Affected Products : lxd
    • Published: Dec. 06, 2024
    • Modified: Aug. 28, 2025

  • 3.8

    LOW
    CVE-2025-24388

    A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow parameter injection due to for an autheniticated agent or admin user. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X ... Read more

    Affected Products : otrs
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2025-22449

    Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2022-23721

    PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.... Read more

    • Published: Apr. 25, 2023
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2024-13308

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2.... Read more

    • Published: Jan. 09, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2024-1742

    Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.... Read more

    Affected Products : checkmk checkmk
    • Published: Mar. 22, 2024
    • Modified: Dec. 04, 2024

  • 3.8

    LOW
    CVE-2024-3628

    The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : easyevent
    • Published: May. 07, 2024
    • Modified: May. 09, 2025

  • 3.8

    LOW
    CVE-2022-22450

    IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.... Read more

    • Published: Jul. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.8

    LOW
    CVE-2023-23814

    Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024
Showing 20 of 294299 Results