Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2021-37845

    An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in R... Read more

    Affected Products : webcit
    • Published: May. 29, 2023
    • Modified: Jan. 14, 2025

  • 3.7

    LOW
    CVE-2022-21624

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2021-43980

    The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18... Read more

    Affected Products : debian_linux tomcat
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 3.7

    LOW
    CVE-2022-21619

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition:... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-23292

    Microsoft Power BI Spoofing Vulnerability... Read more

    Affected Products : on-premises_data_gateway
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-31679

    Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP reque... Read more

    Affected Products : spring_data_rest
    • Published: Sep. 21, 2022
    • Modified: May. 22, 2025

  • 3.7

    LOW
    CVE-2025-7974

    rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : rocket.chat
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2024-41760

    IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 3.7

    LOW
    CVE-2024-30130

    HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.... Read more

    Affected Products : nomad_server_on_domino
    • Published: Jul. 19, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-48711

    google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `transla... Read more

    Affected Products : google_translate_api_browser
    • Published: Nov. 24, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2020-26229

    TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not pos... Read more

    Affected Products : typo3
    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2000-0799

    inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.... Read more

    Affected Products : irix
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-40160

    Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.... Read more

    Affected Products :
    • Published: Mar. 18, 2024
    • Modified: Mar. 24, 2025

  • 3.7

    LOW
    CVE-2023-28858

    redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response... Read more

    Affected Products : redis redis-py
    • Published: Mar. 26, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-28322

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the s... Read more

    • Published: May. 26, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-26084

    The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.... Read more

    Affected Products : aarch64cryptolib
    • Published: Mar. 15, 2023
    • Modified: Feb. 27, 2025

  • 3.7

    LOW
    CVE-2023-32994

    Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to inte... Read more

    Affected Products : saml_single_sign_on
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025

  • 3.7

    LOW
    CVE-2023-32251

    A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of async... Read more

    Affected Products : linux_kernel
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2024-10920

    A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters... Read more

    Affected Products : travels-java-api
    • Published: Nov. 06, 2024
    • Modified: Nov. 22, 2024

  • 3.7

    LOW
    CVE-2003-1120

    Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.... Read more

    Affected Products : tectia_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293329 Results