Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2023-38546

    This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for s... Read more

    Affected Products : curl libcurl
    • Published: Oct. 18, 2023
    • Modified: Feb. 13, 2025

  • 3.7

    LOW
    CVE-2011-0812

    Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-3689

    A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads t... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-12300

    The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3. This makes it possible for unauthenti... Read more

    Affected Products : ar
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 3.7

    LOW
    CVE-2024-31265

    Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-43944

    Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect Animation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance & Coming Soon Redirect Animation: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 3.7

    LOW
    CVE-2001-1085

    Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : lmail
    • Published: Jul. 05, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2004-1683

    A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap.... Read more

    Affected Products : rtos
    • Published: Sep. 13, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-47818

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS Hide Login: from n/a through 2.1.8.... Read more

    Affected Products : lws_hide_login
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2000-0799

    inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.... Read more

    Affected Products : irix
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-40160

    Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.... Read more

    Affected Products :
    • Published: Mar. 18, 2024
    • Modified: Mar. 24, 2025

  • 3.7

    LOW
    CVE-2024-35232

    github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2. ... Read more

    Affected Products :
    • Published: May. 24, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-22139

    Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows Functionality Bypass.This issue affects WordPress Manutenção: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-2482

    A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The m... Read more

    Affected Products : hostel_management_system
    • Published: Mar. 15, 2024
    • Modified: Jan. 23, 2025

  • 3.7

    LOW
    CVE-2023-37948

    Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.... Read more

    Affected Products : cloud_infrastructure_compute
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-2583

    A race condition can cause incorrect HTTP request routing.... Read more

    Affected Products : gobase
    • Published: Dec. 27, 2022
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2022-45433

    Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the tr... Read more

    • Published: Dec. 27, 2022
    • Modified: Apr. 14, 2025

  • 3.7

    LOW
    CVE-2024-0347

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements... Read more

    Affected Products : engineers_online_portal
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-30480

    Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass.This issue affects CGC Maintenance Mode: from n/a through 1.2.... Read more

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2016-0688

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components.... Read more

    Affected Products : weblogic_server
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293330 Results