Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2023-49748

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11.... Read more

    Affected Products :
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2002-0430

    MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.... Read more

    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2002-2092

    Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.... Read more

    Affected Products : freebsd netbsd openbsd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2016-9015

    Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-m... Read more

    Affected Products : urllib3
    • Published: Jan. 11, 2017
    • Modified: Apr. 20, 2025

  • 3.7

    LOW
    CVE-2011-1758

    The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows loca... Read more

    Affected Products : sssd
    • Published: May. 26, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2025-32789

    EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of... Read more

    Affected Products : espocrm
    • Published: Apr. 16, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2024-10106

    A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer.... Read more

    Affected Products : emberznet emberznet_sdk
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2023-42010

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2006-1166

    Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context... Read more

    Affected Products : monotone
    • Published: Mar. 12, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-22044

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise ... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-22045

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle Gra... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-21949

    Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Ne... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-22036

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edi... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-21968

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 2... Read more

    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-22051

    Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17... Read more

    Affected Products : graalvm graalvm_for_jdk
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-22049

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle G... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-21938

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 2... Read more

    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2000-0409

    Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.... Read more

    Affected Products : communicator
    • Published: May. 10, 2000
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-22025

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.... Read more

    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-53492

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293355 Results