Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2023-36325

    i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Nov. 04, 2024

  • 3.7

    LOW
    CVE-2023-43814

    Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll pa... Read more

    Affected Products : discourse
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-28168

    Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 3.7

    LOW
    CVE-2006-1830

    Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : java_studio_enterprise
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2025-58272

    Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.7

    LOW
    CVE-2024-41760

    IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 3.7

    LOW
    CVE-2025-25046

    IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.... Read more

    Affected Products : infosphere_information_server
    • Published: Apr. 23, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-8204

    A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be l... Read more

    Affected Products : dragon
    • Published: Jul. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2025-8283

    A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a contain... Read more

    • Published: Jul. 28, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2025-7974

    rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : rocket.chat
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2008-1142

    rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE... Read more

    • Published: Apr. 07, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2024-7883

    When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first us... Read more

    Affected Products :
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 3.7

    LOW
    CVE-2022-31679

    Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP reque... Read more

    Affected Products : spring_data_rest
    • Published: Sep. 21, 2022
    • Modified: May. 22, 2025

  • 3.7

    LOW
    CVE-2023-3803

    A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation... Read more

    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-45453

    Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance Redirect: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 3.7

    LOW
    CVE-2024-4063

    A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to ini... Read more

    Affected Products :
    • Published: Apr. 23, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2021-43980

    The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18... Read more

    Affected Products : debian_linux tomcat
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 3.7

    LOW
    CVE-2022-39399

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 a... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-33847

    IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link ... Read more

    • Published: Jun. 08, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-51586

    An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.... Read more

    Affected Products : prestashop
    • Published: Sep. 08, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293260 Results