Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2005-0988

    Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after t... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2024-3689

    A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads t... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-43944

    Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect Animation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance & Coming Soon Redirect Animation: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 3.7

    LOW
    CVE-2024-31265

    Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-32421

    Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `p... Read more

    Affected Products : next.js
    • Published: May. 14, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Race Condition

  • 3.7

    LOW
    CVE-2024-21208

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Or... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Oct. 15, 2024
    • Modified: Jun. 18, 2025

  • 3.7

    LOW
    CVE-2008-3294

    src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file... Read more

    Affected Products : vim
    • Published: Jul. 24, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2024-2606

    Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.... Read more

    Affected Products : firefox
    • Published: Mar. 19, 2024
    • Modified: Apr. 01, 2025

  • 3.7

    LOW
    CVE-2025-23165

    In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on ever... Read more

    Affected Products : node.js
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2025-24473

    A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windo... Read more

    Affected Products : forticlient
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2005-4268

    Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.... Read more

    Affected Products : cpio
    • Published: Dec. 15, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2010-0014

    System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation tha... Read more

    Affected Products : sssd
    • Published: Jan. 14, 2010
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2023-38700

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.... Read more

    Affected Products : matrix_irc_bridge
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-28301

    Microsoft Edge (Chromium-based) Tampering Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Apr. 11, 2023
    • Modified: Feb. 28, 2025

  • 3.7

    LOW
    CVE-2003-0480

    VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."... Read more

    Affected Products : workstation
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2024-21098

    Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.... Read more

    Affected Products : graalvm graalvm_for_jdk
    • Published: Apr. 16, 2024
    • Modified: Dec. 06, 2024

  • 3.7

    LOW
    CVE-2012-4572

    Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class nam... Read more

    • Published: Oct. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-21131

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; O... Read more

    • Published: Jul. 16, 2024
    • Modified: Dec. 05, 2024

  • 3.7

    LOW
    CVE-2012-1720

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confident... Read more

    Affected Products : jdk jre jre jdk
    • Published: Jun. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2023-21937

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: ... Read more

    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293564 Results