Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.3

    LOW
    CVE-2023-21450

    Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting.... Read more

    Affected Products : one_hand_operation_\+
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2013-4377

    Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.... Read more

    Affected Products : qemu
    • Published: Oct. 11, 2013
    • Modified: Apr. 11, 2025

  • 2.3

    LOW
    CVE-2024-21123

    Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with logon to the infrastructure ... Read more

    Affected Products : database_server
    • Published: Jul. 16, 2024
    • Modified: Jun. 18, 2025

  • 2.3

    LOW
    CVE-2024-49709

    Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attacker with an access to user's browser might set such a cookie, wait until the user logs in and then use the same cookie to take over the ... Read more

    Affected Products :
    • Published: Apr. 14, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2024-52328

    ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Misconfiguration

  • 2.3

    LOW
    CVE-2025-0164

    IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.... Read more

    • Published: Sep. 14, 2025
    • Modified: Sep. 14, 2025
    • Vuln Type: Authorization

  • 2.3

    LOW
    CVE-2019-12756

    Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.... Read more

    Affected Products : endpoint_protection
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2023-20507

    An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 2.3

    LOW
    CVE-2021-41527

    An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2021-3037

    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, ... Read more

    Affected Products : pan-os
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2020-15469

    In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.... Read more

    Affected Products : debian_linux qemu
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2012-0833

    The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a cer... Read more

    Affected Products : 389_directory_server
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.3

    LOW
    CVE-2019-4394

    IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.... Read more

    Affected Products : cloud_orchestrator
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2019-2926

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the ... Read more

    Affected Products : vm_virtualbox
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2017-15307

    Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.... Read more

    Affected Products : honor_8_firmware honor_8
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 2.3

    LOW
    CVE-2025-2517

    Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.... Read more

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 2.3

    LOW
    CVE-2024-34715

    Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special... Read more

    Affected Products : fides
    • Published: May. 29, 2024
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2018-12217

    Insufficient access control in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373... Read more

    Affected Products : graphics_driver
    • Published: Mar. 14, 2019
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2013-0572

    Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote authenticated users to inject cont... Read more

    • Published: Apr. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.3

    LOW
    CVE-2022-20543

    In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025
Showing 20 of 293695 Results