Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2025-58272

    Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.7

    LOW
    CVE-2025-3416

    A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input a... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2025-4056

    A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.... Read more

    Affected Products : glib windows
    • Published: Jul. 28, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2025-46712

    Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allo... Read more

    Affected Products : otp
    • Published: May. 08, 2025
    • Modified: May. 12, 2025

  • 3.7

    LOW
    CVE-2024-4596

    A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack... Read more

    Affected Products : kimai
    • Published: May. 07, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-4063

    A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to ini... Read more

    Affected Products :
    • Published: Apr. 23, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2011-2300

    Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2008-1142

    rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE... Read more

    • Published: Apr. 07, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2006-2452

    GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional priv... Read more

    Affected Products : gdm
    • Published: Jun. 09, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2024-7883

    When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first us... Read more

    Affected Products :
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 3.7

    LOW
    CVE-2005-0953

    Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.... Read more

    Affected Products : bzip2
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2025-51586

    An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.... Read more

    Affected Products : prestashop
    • Published: Sep. 08, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-7039

    A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vuln... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 3.7

    LOW
    CVE-2022-41862

    In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninit... Read more

    • Published: Mar. 03, 2023
    • Modified: Mar. 07, 2025

  • 3.7

    LOW
    CVE-2022-35252

    When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to a... Read more

    • Published: Sep. 23, 2022
    • Modified: May. 05, 2025

  • 3.7

    LOW
    CVE-2022-41983

    On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can ... Read more

    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-3803

    A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation... Read more

    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-45453

    Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance Redirect: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 3.7

    LOW
    CVE-2024-47869

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacke... Read more

    Affected Products : gradio
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 3.7

    LOW
    CVE-2021-37845

    An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in R... Read more

    Affected Products : webcit
    • Published: May. 29, 2023
    • Modified: Jan. 14, 2025
Showing 20 of 293352 Results