Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2024-9506

    Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 3.7

    LOW
    CVE-2016-9015

    Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-m... Read more

    Affected Products : urllib3
    • Published: Jan. 11, 2017
    • Modified: Apr. 20, 2025

  • 3.7

    LOW
    CVE-2024-38829

    A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. Th... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 10, 2024

  • 3.7

    LOW
    CVE-2024-46665

    An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-req... Read more

    Affected Products : fortios
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-49005

    Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to ... Read more

    Affected Products : next.js
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2008-4229

    Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.... Read more

    Affected Products : iphone_os ipod_touch
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2006-2035

    Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL.... Read more

    Affected Products : websense
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2025-53492

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2025-4654

    The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticat... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-1999-0401

    A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2005-1768

    Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that... Read more

    Affected Products : linux_kernel
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2001-0627

    vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : openserver
    • Published: Aug. 22, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2009-0415

    Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path.... Read more

    Affected Products : trickle
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2015-1841

    The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.... Read more

    Affected Products : enterprise_virtualization
    • Published: Sep. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2010-4450

    Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows l... Read more

    Affected Products : jre sdk jdk
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2021-41136

    Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request throu... Read more

    Affected Products : debian_linux puma
    • Published: Oct. 12, 2021
    • Modified: May. 27, 2025

  • 3.7

    LOW
    CVE-2013-5147

    Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.... Read more

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2007-0775

    Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execut... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Feb. 26, 2007
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2006-2452

    GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional priv... Read more

    Affected Products : gdm
    • Published: Jun. 09, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2024-21011

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracl... Read more

    • Published: Apr. 16, 2024
    • Modified: May. 21, 2025
Showing 20 of 293289 Results