Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2025-4945

    A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overfl... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2005-1993

    Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.... Read more

    Affected Products : sudo
    • Published: Jun. 20, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2021-21416

    django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account regist... Read more

    Affected Products : django-registration
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2011-2300

    Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2006-2452

    GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional priv... Read more

    Affected Products : gdm
    • Published: Jun. 09, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2008-1142

    rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE... Read more

    • Published: Apr. 07, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2011-2503

    The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the... Read more

    Affected Products : systemtap
    • Published: Jul. 26, 2012
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2015-7408

    The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy auth... Read more

    Affected Products : tivoli_storage_manager
    • Published: Feb. 15, 2016
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2012-0081

    Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration.... Read more

    Affected Products : glassfish_server
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2005-1727

    Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."... Read more

    Affected Products : mac_os_x_server
    • Published: Jun. 08, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2007-0472

    Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to... Read more

    Affected Products : smb4k
    • Published: Feb. 03, 2007
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2024-56339

    IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2013-5710

    The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance.... Read more

    Affected Products : freebsd
    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2023-23985

    Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. ... Read more

    Affected Products : quiz_maker
    • Published: Apr. 24, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-32471

    The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cryptography

  • 3.7

    LOW
    CVE-2025-32421

    Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `p... Read more

    Affected Products : next.js
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Race Condition

  • 3.7

    LOW
    CVE-2023-41263

    An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing appl... Read more

    Affected Products : scrutinizer
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2001-0627

    vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : openserver
    • Published: Aug. 22, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2016-9015

    Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-m... Read more

    Affected Products : urllib3
    • Published: Jan. 11, 2017
    • Modified: Apr. 20, 2025

  • 3.7

    LOW
    CVE-2024-10977

    Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a h... Read more

    Affected Products : postgresql
    • Published: Nov. 14, 2024
    • Modified: Feb. 20, 2025
Showing 20 of 292801 Results