Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2006-4393

    Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2023-22025

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.... Read more

    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-21208

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Or... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Oct. 15, 2024
    • Modified: Jun. 18, 2025

  • 3.7

    LOW
    CVE-2008-3294

    src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file... Read more

    Affected Products : vim
    • Published: Jul. 24, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2023-28301

    Microsoft Edge (Chromium-based) Tampering Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Apr. 11, 2023
    • Modified: Feb. 28, 2025

  • 3.7

    LOW
    CVE-2003-1058

    The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on tempor... Read more

    Affected Products : solaris sunos
    • Published: Dec. 03, 2003
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2001-1349

    Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.... Read more

    Affected Products : sendmail
    • Published: May. 28, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2005-1751

    Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.... Read more

    Affected Products : shtool
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-34401

    Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-o... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2023-32251

    A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of async... Read more

    Affected Products : linux_kernel
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2023-32994

    Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to inte... Read more

    Affected Products : saml_single_sign_on
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025

  • 3.7

    LOW
    CVE-2005-0988

    Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after t... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2020-2900

    Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via mult... Read more

    Affected Products : graalvm
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-45453

    Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance Redirect: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 3.7

    LOW
    CVE-2023-33855

    Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack.... Read more

    • Published: Mar. 26, 2024
    • Modified: Jul. 25, 2025

  • 3.7

    LOW
    CVE-2024-20955

    Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 2... Read more

    Affected Products : graalvm graalvm_for_jdk
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 3.7

    LOW
    CVE-2024-32708

    Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass.This issue affects Maintenance Mode: from n/a through 3.0.1.... Read more

    Affected Products : maintenance_mode
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-36325

    i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Nov. 04, 2024

  • 3.7

    LOW
    CVE-2023-37948

    Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.... Read more

    Affected Products : cloud_infrastructure_compute
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-23985

    Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. ... Read more

    Affected Products : quiz_maker
    • Published: Apr. 24, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293512 Results