Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2025-3360

    A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.... Read more

    Affected Products : glib
    • Published: Apr. 07, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2025-50065

    Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network ac... Read more

    Affected Products : graalvm_for_jdk
    • Published: Jul. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2025-53857

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions e... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2011-0839

    Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2011-1758

    The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows loca... Read more

    Affected Products : sssd
    • Published: May. 26, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2025-32789

    EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of... Read more

    Affected Products : espocrm
    • Published: Apr. 16, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-42988

    Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable t... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2024-58249

    In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.... Read more

    Affected Products : wxwidgets
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-1999-0401

    A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2016-9015

    Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-m... Read more

    Affected Products : urllib3
    • Published: Jan. 11, 2017
    • Modified: Apr. 20, 2025

  • 3.7

    LOW
    CVE-2001-0317

    Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.... Read more

    Affected Products : linux_kernel
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2012-4572

    Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class nam... Read more

    • Published: Oct. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-21671

    The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in... Read more

    Affected Products : vantage6
    • Published: Jan. 30, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2012-0105

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.... Read more

    Affected Products : vm_virtualbox virtualization
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2011-1658

    ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to ... Read more

    Affected Products : glibc
    • Published: Apr. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2025-24432

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Race Condition

  • 3.7

    LOW
    CVE-2024-46665

    An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-req... Read more

    Affected Products : fortios
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-48015

    Failed login response could be different depending on whether the username was local or central.... Read more

    Affected Products :
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-6011

    A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Com... Read more

    Affected Products : vault
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2025-24430

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Race Condition
Showing 20 of 293625 Results