Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2023-28301

    Microsoft Edge (Chromium-based) Tampering Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Apr. 11, 2023
    • Modified: Feb. 28, 2025

  • 3.7

    LOW
    CVE-2005-4268

    Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.... Read more

    Affected Products : cpio
    • Published: Dec. 15, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-38872

    An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.... Read more

    Affected Products : economizzer economizzer
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2006-1335

    gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard s... Read more

    Affected Products : screensaver
    • Published: Mar. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-38700

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.... Read more

    Affected Products : matrix_irc_bridge
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2003-1120

    Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.... Read more

    Affected Products : tectia_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2003-1058

    The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on tempor... Read more

    Affected Products : solaris sunos
    • Published: Dec. 03, 2003
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2005-4667

    Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vul... Read more

    Affected Products : unzip
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2002-2092

    Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.... Read more

    Affected Products : freebsd netbsd openbsd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-34401

    Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-o... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2023-41306

    Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2005-0988

    Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after t... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-32994

    Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to inte... Read more

    Affected Products : saml_single_sign_on
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025

  • 3.7

    LOW
    CVE-2024-9506

    Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 3.7

    LOW
    CVE-1999-0141

    Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.... Read more

    Affected Products : navigator
    • Published: Mar. 29, 1996
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-1999-0401

    A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2016-9015

    Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-m... Read more

    Affected Products : urllib3
    • Published: Jan. 11, 2017
    • Modified: Apr. 20, 2025

  • 3.7

    LOW
    CVE-1999-0123

    Race condition in Linux mailx command allows local users to read user files.... Read more

    Affected Products : slackware_linux
    • Published: Dec. 01, 1995
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2025-24432

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Race Condition

  • 3.7

    LOW
    CVE-2025-24430

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Race Condition
Showing 20 of 293414 Results