Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.8

    LOW
    CVE-2025-1698

    Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Denial of Service

  • 2.8

    LOW
    CVE-2018-3084

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure w... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2025-54314

    Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take con... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Aug. 10, 2025
    • Vuln Type: Injection

  • 2.8

    LOW
    CVE-2023-31028

    NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service.... Read more

    Affected Products :
    • Published: Apr. 05, 2024
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2022-20327

    In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2024-22384

    Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : trace_analyzer_and_collector
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2019-2850

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to ... Read more

    Affected Products : leap vm_virtualbox
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2015-4836

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.... Read more

    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.8

    LOW
    CVE-2014-0430

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.... Read more

    Affected Products : mysql
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.8

    LOW
    CVE-2014-0420

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.... Read more

    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.8

    LOW
    CVE-2014-0370

    Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Clinical Trip Report.... Read more

    Affected Products : siebel_crm
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.8

    LOW
    CVE-2013-6398

    The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.... Read more

    Affected Products : cloudstack
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.8

    LOW
    CVE-2024-43167

    DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a ... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2024-3479

    An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data.... Read more

    Affected Products :
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-36464

    When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 2.7

    LOW
    CVE-2024-41728

    Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise ... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024

  • 2.7

    LOW
    CVE-2023-4089

    On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.... Read more

    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-30703

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more

    Affected Products : mysql_server
    • Published: Apr. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-29177

    Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the re... Read more

    Affected Products : data_domain_operating_system
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-31450

    Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete cust... Read more

    Affected Products : owncast
    • Published: Apr. 19, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293608 Results