Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.0

    LOW
    CVE-2025-52136

    In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability... Read more

    Affected Products : emqx
    • Published: Aug. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 3.0

    LOW
    CVE-2024-42350

    Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 3.0

    LOW
    CVE-2021-34396

    Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.... Read more

    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2023-31331

    Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 3.0

    LOW
    CVE-2025-31363

    Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performin... Read more

    Affected Products : mattermost_server
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.0

    LOW
    CVE-2025-53018

    Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery (SSRF) vulnerability exists in the `/api/v2/Photo::fromUrl` endpoint. This flaw lets an attacker instruct the application’s backend to mak... Read more

    Affected Products : lychee
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.0

    LOW
    CVE-2024-36468

    The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds che... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 3.0

    LOW
    CVE-2024-24901

    Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.... Read more

    Affected Products : powerscale_onefs
    • Published: Mar. 04, 2024
    • Modified: Jan. 08, 2025

  • 3.0

    LOW
    CVE-2014-2486

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different ... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.0

    LOW
    CVE-2023-32024

    Microsoft Power Apps Spoofing Vulnerability... Read more

    Affected Products : power_apps power-apps
    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2024-21257

    Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical c... Read more

    Affected Products : hyperion_bi\+
    • Published: Oct. 15, 2024
    • Modified: Nov. 06, 2024

  • 3.0

    LOW
    CVE-2023-51452

    A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pull_file... Read more

    Affected Products :
    • Published: Apr. 02, 2024
    • Modified: Nov. 21, 2024

  • 3.0

    LOW
    CVE-2024-45744

    TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker ... Read more

    Affected Products : topbraid_edg
    • Published: Sep. 27, 2024
    • Modified: Feb. 18, 2025

  • 3.0

    LOW
    CVE-2009-1981

    Unspecified vulnerability in the Highly Interactive Client component in Siebel Product Suite 7.5.3, 7.7.2, 7.8.2, 8.0.0.5, and 8.1.0 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : siebel_enterprise_suite
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 3.0

    LOW
    CVE-2010-3506

    Unspecified vulnerability in the Oracle Explorer (Sun Explorer) component in Oracle Sun Products Suite 6.4 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : sun_products_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.0

    LOW
    CVE-2013-2391

    Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.... Read more

    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2015-3340

    Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.... Read more

    • Published: Apr. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2013-1583

    The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (appli... Read more

    Affected Products : wireshark
    • Published: Feb. 03, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2013-1577

    The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attac... Read more

    Affected Products : wireshark
    • Published: Feb. 03, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2025-46393

    In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).... Read more

    Affected Products : imagemagick
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293608 Results