Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-5594

    Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.... Read more

    Affected Products : fedora drupal
    • Published: Oct. 19, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-4470

    Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.... Read more

    Affected Products : libmspack libmspack
    • Published: Jun. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0091

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-... Read more

    Affected Products : jre sdk jdk
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-5268

    pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.... Read more

    Affected Products : ubuntu_linux libpng
    • Published: Oct. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5899

    The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demon... Read more

    Affected Products : php
    • Published: Nov. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4677

    autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to serv... Read more

    Affected Products : vim netrw
    • Published: Oct. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0420

    libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.... Read more

    Affected Products : pidgin
    • Published: Feb. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-4494

    Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allows attackers to obtain potentially sensitive information via a crafted app.... Read more

    Affected Products : firefox_os
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0255

    Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript e... Read more

    • Published: Feb. 04, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-44244

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unex... Read more

    • Published: Oct. 28, 2024
    • Modified: Dec. 06, 2024

  • 4.3

    MEDIUM
    CVE-2017-15709

    When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.... Read more

    Affected Products : activemq
    • Published: Feb. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-17183

    Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to i... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21662

    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.... Read more

    Affected Products : xebialabs_xl_deploy
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-12302

    A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to... Read more

    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2025-2498

    An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP ... Read more

    Affected Products : gitlab
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-54532

    In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2017-17693

    Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.... Read more

    • Published: Dec. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-17281

    SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A rem... Read more

    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21641

    A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.... Read more

    Affected Products : promoted_builds
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1000390

    Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.... Read more

    Affected Products : multijob
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293631 Results