Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2006-1335

    gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard s... Read more

    Affected Products : screensaver
    • Published: Mar. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2010-0014

    System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation tha... Read more

    Affected Products : sssd
    • Published: Jan. 14, 2010
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2023-38872

    An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.... Read more

    Affected Products : economizzer economizzer
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2006-2035

    Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL.... Read more

    Affected Products : websense
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2025-4654

    The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticat... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2024-38829

    A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. Th... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024

  • 3.7

    LOW
    CVE-2025-53492

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2012-5659

    Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment v... Read more

    Affected Products : automatic_bug_reporting_tool
    • Published: Mar. 12, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2013-1959

    kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying t... Read more

    Affected Products : linux_kernel
    • Published: May. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-22403

    Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are i... Read more

    Affected Products : nextcloud_server notes
    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2013-0219

    System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.... Read more

    Affected Products : enterprise_linux sssd
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2023-38546

    This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for s... Read more

    Affected Products : curl libcurl
    • Published: Oct. 18, 2023
    • Modified: Feb. 13, 2025

  • 3.7

    LOW
    CVE-2006-4886

    The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clic... Read more

    Affected Products : virusscan_enterprise scan_engine
    • Published: Sep. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-42010

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-48946

    liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malf... Read more

    Affected Products : liboqs
    • Published: May. 30, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cryptography

  • 3.7

    LOW
    CVE-2011-0839

    Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2025-54352

    WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior.... Read more

    Affected Products : wordpress
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-42988

    Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable t... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-31362

    Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available. The vendor provides the workaround information and recommends to apply it to the deployment envi... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cryptography

  • 3.7

    LOW
    CVE-2024-21131

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; O... Read more

    • Published: Jul. 16, 2024
    • Modified: Dec. 05, 2024
Showing 20 of 292803 Results