Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.5

    LOW
    CVE-2016-6450

    A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are runn... Read more

    Affected Products : ios_xe ios_xe
    • EPSS Score: %0.06
    • Published: Nov. 19, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2017-1346

    IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.... Read more

    Affected Products : business_process_manager
    • EPSS Score: %0.04
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 2.5

    LOW
    CVE-2016-7960

    Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.... Read more

    Affected Products : simatic_step_7
    • EPSS Score: %0.09
    • Published: Oct. 13, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2023-4986

    A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort.... Read more

    Affected Products : inplant_scada
    • EPSS Score: %0.04
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2017-1211

    IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851.... Read more

    Affected Products : daeja_viewone
    • EPSS Score: %0.04
    • Published: Oct. 24, 2017
    • Modified: Apr. 20, 2025

  • 2.5

    LOW
    CVE-2016-5849

    Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.... Read more

    Affected Products : sicam_pas\/pqs sicam_pas
    • EPSS Score: %0.09
    • Published: Jul. 04, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2021-2149

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Orac... Read more

    • EPSS Score: %0.12
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2025-2149

    A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initializ... Read more

    Affected Products : pytorch pytorch
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 2.5

    LOW
    CVE-2024-42185

    BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial ... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Injection

  • 2.5

    LOW
    CVE-2021-33604

    URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening craf... Read more

    Affected Products : vaadin flow-server
    • EPSS Score: %0.05
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2023-25546

    Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Sep. 16, 2024
    • Modified: Sep. 16, 2024

  • 2.5

    LOW
    CVE-2021-29948

    Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10.... Read more

    Affected Products : thunderbird
    • EPSS Score: %0.07
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2024-34063

    vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization... Read more

    Affected Products :
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2017-18412

    cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.07
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2018-20943

    cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.07
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2017-3513

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon ... Read more

    Affected Products : vm_virtualbox
    • EPSS Score: %0.07
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 2.5

    LOW
    CVE-2025-5645

    A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking... Read more

    Affected Products : radare2
    • Published: Jun. 05, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 2.5

    LOW
    CVE-2025-9577

    A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking loc... Read more

    Affected Products : x2000r_firmware
    • Published: Aug. 28, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication

  • 2.5

    LOW
    CVE-2025-9576

    A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached loc... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication

  • 2.5

    LOW
    CVE-2025-9589

    A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack needs to be launched locally. A high complexity level is... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication
Showing 20 of 291647 Results