Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.3

    LOW
    CVE-2014-2573

    The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM... Read more

    Affected Products : nova compute
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2013-4377

    Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.... Read more

    Affected Products : qemu
    • Published: Oct. 11, 2013
    • Modified: Apr. 11, 2025

  • 2.3

    LOW
    CVE-2021-3037

    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, ... Read more

    Affected Products : pan-os
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2024-44123

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. A malicious app with root privileges may be able to access keyboard input and location information without user consent.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Oct. 28, 2024
    • Modified: Dec. 06, 2024

  • 2.3

    LOW
    CVE-2020-2505

    If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.... Read more

    Affected Products : qes
    • Published: Dec. 24, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2017-15307

    Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.... Read more

    Affected Products : honor_8_firmware honor_8
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 2.3

    LOW
    CVE-2024-28238

    Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., we... Read more

    Affected Products : directus
    • Published: Mar. 12, 2024
    • Modified: Jan. 03, 2025

  • 2.3

    LOW
    CVE-2024-21253

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wher... Read more

    Affected Products : vm_virtualbox
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 2.3

    LOW
    CVE-2021-2207

    Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executabl... Read more

    Affected Products : database database_server
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-40089

    An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Acce... Read more

    Affected Products : ejbca
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2017-10292

    Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to ... Read more

    Affected Products : database
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 2.3

    LOW
    CVE-2020-29480

    An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, mod... Read more

    Affected Products : fedora debian_linux xen
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2024-36469

    Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.... Read more

    Affected Products : zabbix
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2025-32700

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbu... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Information Disclosure

  • 2.3

    LOW
    CVE-2025-24369

    Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by reques... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2022-31223

    Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.... Read more

    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2022-29812

    In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient... Read more

    Affected Products : intellij_idea
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2015-8569

    The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mecha... Read more

    Affected Products : linux_kernel
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2007-3442

    Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a ho... Read more

    Affected Products : blackberry_7270
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 2.3

    LOW
    CVE-2025-43733

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293606 Results