Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-1417

    do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that trigger... Read more

    Affected Products : kerberos_5 kerberos
    • EPSS Score: %0.54
    • Published: Nov. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-3197

    Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the con... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.47
    • Published: Jul. 16, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-2372

    Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access ... Read more

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %0.43
    • Published: Sep. 29, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2021-2334

    Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Creat... Read more

    Affected Products : database database_server
    • EPSS Score: %0.21
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-22193

    An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.28
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-3285

    The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2)... Read more

    Affected Products : networker
    • EPSS Score: %0.19
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-4049

    In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity sel... Read more

    Affected Products : fedora debian_linux wordpress
    • EPSS Score: %2.29
    • Published: Jun. 12, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-36479

    Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet... Read more

    Affected Products : debian_linux jetty
    • EPSS Score: %0.63
    • Published: Sep. 15, 2023
    • Modified: May. 27, 2025

  • 3.5

    LOW
    CVE-2020-24586

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when anothe... Read more

    • EPSS Score: %0.25
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-15103

    In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly acc... Read more

    • EPSS Score: %0.22
    • Published: Jul. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2019-20382

    QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.... Read more

    Affected Products : ubuntu_linux debian_linux leap qemu
    • EPSS Score: %0.21
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-1996

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network ac... Read more

    • EPSS Score: %0.39
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-4055

    Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051.... Read more

    Affected Products : lotus_domino
    • EPSS Score: %0.17
    • Published: Nov. 08, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2023-48608

    Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this iss... Read more

    • EPSS Score: %0.52
    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-45486

    In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.... Read more

    • EPSS Score: %0.01
    • Published: Dec. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2025-47288

    Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. Thi... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-31494

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+g... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Apr. 15, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-49000

    InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticate... Read more

    Affected Products : inventree
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2015-0370

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2013-5858.... Read more

    Affected Products : database_server
    • EPSS Score: %0.27
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1807

    Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.... Read more

    Affected Products : openshift jenkins jenkins
    • EPSS Score: %0.16
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291739 Results