Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2025-42988

    Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable t... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-6011

    A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Com... Read more

    Affected Products : vault
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2007-0235

    Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its add... Read more

    Affected Products : libgtop
    • Published: Jan. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2015-1841

    The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.... Read more

    Affected Products : enterprise_virtualization
    • Published: Sep. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2014-0476

    The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.... Read more

    Affected Products : ubuntu_linux chkrootkit
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2024-10977

    Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a h... Read more

    Affected Products : postgresql
    • Published: Nov. 14, 2024
    • Modified: Feb. 20, 2025

  • 3.7

    LOW
    CVE-2011-4316

    Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop ses... Read more

    Affected Products : enterprise_virtualization_manager
    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-11856

    A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification.... Read more

    Affected Products :
    • Published: Dec. 02, 2024
    • Modified: Dec. 02, 2024

  • 3.7

    LOW
    CVE-2023-38546

    This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for s... Read more

    Affected Products : curl libcurl
    • Published: Oct. 18, 2023
    • Modified: Feb. 13, 2025

  • 3.7

    LOW
    CVE-2004-1465

    Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.... Read more

    Affected Products : winzip
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2015-0121

    IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirem... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2013-5147

    Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.... Read more

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2021-41136

    Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request throu... Read more

    Affected Products : debian_linux puma
    • Published: Oct. 12, 2021
    • Modified: May. 27, 2025

  • 3.7

    LOW
    CVE-2010-4450

    Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows l... Read more

    Affected Products : jre sdk jdk
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2025-32943

    The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal

  • 3.7

    LOW
    CVE-2011-0839

    Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-42174

    HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames.... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2005-4667

    Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vul... Read more

    Affected Products : unzip
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2024-10106

    A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer.... Read more

    Affected Products : emberznet emberznet_sdk
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2011-1758

    The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows loca... Read more

    Affected Products : sssd
    • Published: May. 26, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293499 Results