Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2023-49559

    An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.... Read more

    Affected Products :
    • Published: Jun. 12, 2024
    • Modified: Dec. 03, 2024

  • 3.7

    LOW
    CVE-2024-43944

    Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect Animation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance & Coming Soon Redirect Animation: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 3.7

    LOW
    CVE-2024-30119

    HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This could allow an attacker to intercept or manipulate data during redirection.... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-32421

    Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `p... Read more

    Affected Products : next.js
    • Published: May. 14, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Race Condition

  • 3.7

    LOW
    CVE-2025-23165

    In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on ever... Read more

    Affected Products : node.js
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2001-1349

    Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.... Read more

    Affected Products : sendmail
    • Published: May. 28, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2004-2643

    Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.... Read more

    Affected Products : cabarc
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2003-1058

    The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on tempor... Read more

    Affected Products : solaris sunos
    • Published: Dec. 03, 2003
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2016-0688

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components.... Read more

    Affected Products : weblogic_server
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2013-5229

    The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restri... Read more

    Affected Products : mac_os_x apple_remote_desktop
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2023-28301

    Microsoft Edge (Chromium-based) Tampering Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Apr. 11, 2023
    • Modified: Feb. 28, 2025

  • 3.7

    LOW
    CVE-2025-32471

    The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cryptography

  • 3.7

    LOW
    CVE-2025-24912

    hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authent... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2025-29923

    go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen when the client is... Read more

    Affected Products :
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Race Condition

  • 3.7

    LOW
    CVE-2005-1993

    Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.... Read more

    Affected Products : sudo
    • Published: Jun. 20, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2012-0787

    The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the ... Read more

    Affected Products : enterprise_linux augeas
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2000-1162

    ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.... Read more

    Affected Products : ghostscript
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2025-4945

    A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overfl... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2025-8204

    A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be l... Read more

    Affected Products : dragon
    • Published: Jul. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2025-8283

    A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a contain... Read more

    • Published: Jul. 28, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293635 Results