Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2022-45428

    Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.... Read more

    • Published: Dec. 27, 2022
    • Modified: Apr. 14, 2025

  • 2.7

    LOW
    CVE-2023-4089

    On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.... Read more

    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-37253

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.This issue affects WP Directory Kit: from n/a through 1.3.6.... Read more

    Affected Products : wp_directory_kit
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2021-0991

    In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. ... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-3177

    A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the e... Read more

    Affected Products : kubernetes
    • Published: Apr. 22, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2010-3699

    The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm command... Read more

    Affected Products : xen
    • Published: Dec. 08, 2010
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2025-58866

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info allows Retrieve Embedded Sensitive Data. This issue affects Site Info: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2024-38823

    Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2024-29177

    Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the re... Read more

    Affected Products : data_domain_operating_system
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-21963

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with net... Read more

    Affected Products : mysql mysql_server
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2012-2696

    The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.... Read more

    Affected Products : enterprise_virtualization_manager
    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2024-29852

    Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: May. 22, 2024
    • Modified: Jul. 03, 2025

  • 2.7

    LOW
    CVE-2012-2625

    The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.... Read more

    Affected Products : xen xen-unstable
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2024-23600

    Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.... Read more

    Affected Products :
    • Published: Aug. 01, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-45134

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on c... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024

  • 2.7

    LOW
    CVE-2025-4563

    A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim status... Read more

    Affected Products : kubernetes
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-10672

    The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it po... Read more

    Affected Products : multiple_page_generator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 2.7

    LOW
    CVE-2024-0231

    A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.... Read more

    Affected Products : gitlab
    • Published: Jul. 24, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-6793

    An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.... Read more

    Affected Products : pan-os prisma_access
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-36576

    Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.... Read more

    Affected Products : wyse_management_suite
    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 294071 Results