Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2006-2035

    Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL.... Read more

    Affected Products : websense
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2004-1445

    A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.... Read more

    Affected Products : nessus
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2006-1166

    Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context... Read more

    Affected Products : monotone
    • Published: Mar. 12, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2008-4229

    Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.... Read more

    Affected Products : iphone_os ipod_touch
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2025-48015

    Failed login response could be different depending on whether the username was local or central.... Read more

    Affected Products :
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-49005

    Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to ... Read more

    Affected Products : next.js
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2024-21671

    The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in... Read more

    Affected Products : vantage6
    • Published: Jan. 30, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2012-4572

    Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class nam... Read more

    • Published: Oct. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2012-5659

    Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment v... Read more

    Affected Products : automatic_bug_reporting_tool
    • Published: Mar. 12, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-22403

    Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are i... Read more

    Affected Products : nextcloud_server notes
    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-21144

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and... Read more

    • Published: Jul. 16, 2024
    • Modified: Dec. 16, 2024

  • 3.7

    LOW
    CVE-2024-21131

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; O... Read more

    • Published: Jul. 16, 2024
    • Modified: Dec. 05, 2024

  • 3.7

    LOW
    CVE-2024-21098

    Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.... Read more

    Affected Products : graalvm graalvm_for_jdk
    • Published: Apr. 16, 2024
    • Modified: Dec. 06, 2024

  • 3.7

    LOW
    CVE-2005-4667

    Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vul... Read more

    Affected Products : unzip
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2015-0121

    IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirem... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2007-0775

    Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execut... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Feb. 26, 2007
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2011-0812

    Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-44575

    RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.... Read more

    Affected Products : rely-pcie_firmware rely-pcie
    • Published: Sep. 11, 2024
    • Modified: Apr. 28, 2025

  • 3.7

    LOW
    CVE-2007-1742

    suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using ... Read more

    Affected Products : http_server
    • Published: Apr. 13, 2007
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2000-0579

    IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.... Read more

    Affected Products : irix
    • Published: Jun. 21, 2000
    • Modified: Apr. 03, 2025
Showing 20 of 292876 Results