Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.0

    LOW
    CVE-2023-51453

    A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the process_p... Read more

    Affected Products :
    • Published: Apr. 02, 2024
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2024-24901

    Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.... Read more

    Affected Products : powerscale_onefs
    • Published: Mar. 04, 2024
    • Modified: Jan. 08, 2025

  • 3.0

    LOW
    CVE-2023-51452

    A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pull_file... Read more

    Affected Products :
    • Published: Apr. 02, 2024
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2010-3506

    Unspecified vulnerability in the Oracle Explorer (Sun Explorer) component in Oracle Sun Products Suite 6.4 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : sun_products_suite
    • EPSS Score: %0.12
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.0

    LOW
    CVE-2022-33994

    The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous ... Read more

    Affected Products : gutenberg
    • EPSS Score: %0.27
    • Published: Jul. 30, 2022
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2023-6950

    An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service att... Read more

    Affected Products :
    • Published: Apr. 02, 2024
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2024-45744

    TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker ... Read more

    Affected Products : topbraid_edg
    • Published: Sep. 27, 2024
    • Modified: Feb. 18, 2025

  • 2.9

    LOW
    CVE-2024-38358

    Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both `oflags::creat` and `rights... Read more

    Affected Products : wasmer
    • Published: Jun. 19, 2024
    • Modified: Nov. 21, 2024

  • 2.9

    LOW
    CVE-2025-46416

    The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2,... Read more

    Affected Products : nix
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authorization

  • 2.9

    LOW
    CVE-2014-0905

    IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.... Read more

    Affected Products : infosphere_biginsights
    • EPSS Score: %0.11
    • Published: Aug. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2014-5171

    SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.... Read more

    • EPSS Score: %0.40
    • Published: Jul. 31, 2014
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2013-1615

    The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls.... Read more

    • EPSS Score: %0.11
    • Published: Jul. 08, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2024-30120

    HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application.... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 2.9

    LOW
    CVE-2012-3582

    Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's s... Read more

    Affected Products : pgp_universal_server
    • EPSS Score: %0.22
    • Published: Sep. 04, 2012
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2022-21357

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high pr... Read more

    • EPSS Score: %0.32
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 2.9

    LOW
    CVE-2013-1573

    The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of ser... Read more

    Affected Products : wireshark
    • EPSS Score: %0.23
    • Published: Feb. 03, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2012-1945

    Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka... Read more

    • EPSS Score: %0.19
    • Published: Jun. 05, 2012
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2013-1588

    Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application cras... Read more

    Affected Products : wireshark
    • EPSS Score: %0.51
    • Published: Feb. 03, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2013-1590

    Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.... Read more

    Affected Products : wireshark
    • EPSS Score: %0.29
    • Published: Feb. 03, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2013-1587

    The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malf... Read more

    Affected Products : wireshark
    • EPSS Score: %0.23
    • Published: Feb. 03, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291615 Results