Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.2

    LOW
    CVE-2024-32482

    The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a cu... Read more

    Affected Products :
    • Published: Apr. 23, 2024
    • Modified: Nov. 21, 2024

  • 2.2

    LOW
    CVE-2024-22117

    When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the s... Read more

    Affected Products : zabbix
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 2.2

    LOW
    CVE-2023-23349

    Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker mu... Read more

    Affected Products :
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024

  • 2.2

    LOW
    CVE-2024-29208

    An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV... Read more

    Affected Products :
    • Published: May. 07, 2024
    • Modified: Nov. 21, 2024

  • 2.2

    LOW
    CVE-2024-23843

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.This issue affects Genian NAC V5.0: from V5.0.0 through V5.0.60; Genian NAC LTS V5.0: from 5.0.0 LTS... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 28, 2024

  • 2.2

    LOW
    CVE-2024-53564

    A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what... Read more

    Affected Products : freepbx
    • Published: Dec. 02, 2024
    • Modified: Jan. 09, 2025

  • 2.2

    LOW
    CVE-2024-28051

    Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 2.2

    LOW
    CVE-2024-21232

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with net... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 2.2

    LOW
    CVE-2025-29991

    Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authentication

  • 2.2

    LOW
    CVE-2024-21243

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 2.2

    LOW
    CVE-2024-28030

    NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 2.2

    LOW
    CVE-2025-50100

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with ne... Read more

    Affected Products : mysql mysql_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service

  • 2.2

    LOW
    CVE-2025-52916

    Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication

  • 2.2

    LOW
    CVE-2024-53861

    pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the "iss" claim changed from `isinstance(... Read more

    Affected Products : pyjwt
    • Published: Nov. 29, 2024
    • Modified: Dec. 02, 2024

  • 2.1

    LOW
    CVE-2009-1972

    Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL and DBMS_SQL.... Read more

    Affected Products : database_server
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-0971

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4... Read more

    Affected Products : atutor
    • Published: Mar. 16, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2025-21085

    PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization.... Read more

    Affected Products : pingfederate
    • Published: Jun. 15, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Denial of Service

  • 2.1

    LOW
    CVE-2025-27512

    Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the `zincati` system user to use the actions `org.projectatomic.rpmostree1.deploy` to deploy updates to the system and `org.projectatomic.rpmostree1.finalize... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authorization

  • 2.1

    LOW
    CVE-2013-1786

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal company
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2025-43774

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote authenticated user to inject JavaScript code via Style Book theme name. This malicious payload is then refle... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293562 Results