Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2004-2643

    Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.... Read more

    Affected Products : cabarc
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-30857

    @aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` deco... Read more

    Affected Products : ion
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-41914

    Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constan... Read more

    Affected Products : zulip zulip_server
    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-34394

    Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. ... Read more

    Affected Products : networking_os10 smartfabric_os10
    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-43427

    A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third part... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 3.7

    LOW
    CVE-2023-28168

    Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 3.7

    LOW
    CVE-2006-1830

    Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : java_studio_enterprise
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-30954

    The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized.... Read more

    Affected Products : video-application-server
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-30480

    Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass.This issue affects CGC Maintenance Mode: from n/a through 1.2.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2004-1683

    A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap.... Read more

    Affected Products : rtos
    • Published: Sep. 13, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2001-1085

    Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : lmail
    • Published: Jul. 05, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2005-1993

    Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.... Read more

    Affected Products : sudo
    • Published: Jun. 20, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2012-0787

    The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the ... Read more

    Affected Products : enterprise_linux augeas
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2013-5710

    The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance.... Read more

    Affected Products : freebsd
    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2025-32471

    The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cryptography

  • 3.7

    LOW
    CVE-2025-47295

    A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare condition... Read more

    Affected Products : fortios
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2025-29923

    go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen when the client is... Read more

    Affected Products :
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Race Condition

  • 3.7

    LOW
    CVE-2021-2448

    Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high ... Read more

    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-36325

    i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Nov. 04, 2024

  • 3.7

    LOW
    CVE-2024-42332

    The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to ... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024
Showing 20 of 293259 Results