Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2023-28168

    Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 3.7

    LOW
    CVE-2025-31961

    HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.... Read more

    Affected Products : connections
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2005-1039

    Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.... Read more

    Affected Products : coreutils
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-41263

    An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing appl... Read more

    Affected Products : scrutinizer
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-1152

    A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity ... Read more

    Affected Products : binutils
    • Published: Feb. 10, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2024-30114

    Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2025-22151

    Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydant... Read more

    Affected Products : strawberry
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-24912

    hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authent... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2025-29923

    go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen when the client is... Read more

    Affected Products :
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Race Condition

  • 3.7

    LOW
    CVE-2023-48335

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9.... Read more

    Affected Products :
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2004-2626

    GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.... Read more

    Affected Products : s55
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-52147

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects All In One WP Security ... Read more

    Affected Products :
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-27437

    Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf.... Read more

    Affected Products :
    • Published: Jun. 03, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-4062

    A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity... Read more

    Affected Products :
    • Published: Apr. 23, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-6467

    A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement ... Read more

    Affected Products : icecms
    • Published: Dec. 02, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-39886

    TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of ... Read more

    Affected Products :
    • Published: Jul. 10, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2020-2900

    Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via mult... Read more

    Affected Products : graalvm
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-3803

    A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation... Read more

    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-47869

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacke... Read more

    Affected Products : gradio
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 3.7

    LOW
    CVE-2025-25046

    IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.... Read more

    Affected Products : infosphere_information_server
    • Published: Apr. 23, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293609 Results