Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2023-30857

    @aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` deco... Read more

    Affected Products : ion
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-9654

    The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the inte... Read more

    Affected Products : easy_digital_downloads
    • Published: Dec. 17, 2024
    • Modified: Feb. 07, 2025

  • 3.7

    LOW
    CVE-2022-39231

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for _Facebook_ and _Spotify_ may be circumvented.... Read more

    Affected Products : parse-server
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-34394

    Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. ... Read more

    Affected Products : networking_os10 smartfabric_os10
    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2012-3128

    Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager.... Read more

    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2025-49221

    Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2023-33855

    Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack.... Read more

    • Published: Mar. 26, 2024
    • Modified: Jul. 25, 2025

  • 3.7

    LOW
    CVE-2025-8515

    A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This issue affects some unknown processing of the file /v1/operador/ of the component JSON Endpoint. The manipulation leads to information disclosure. The attack may... Read more

    Affected Products : incontrol_web
    • Published: Aug. 04, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2024-2482

    A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The m... Read more

    Affected Products : hostel_management_system
    • Published: Mar. 15, 2024
    • Modified: Jan. 23, 2025

  • 3.7

    LOW
    CVE-2025-31961

    HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.... Read more

    Affected Products : connections
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2025-7974

    rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : rocket.chat
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2025-8283

    A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a contain... Read more

    • Published: Jul. 28, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2025-25046

    IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.... Read more

    Affected Products : infosphere_information_server
    • Published: Apr. 23, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-58272

    Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.7

    LOW
    CVE-2024-43173

    IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.... Read more

    Affected Products : concert
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 3.7

    LOW
    CVE-2025-7039

    A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vuln... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 3.7

    LOW
    CVE-2025-8204

    A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be l... Read more

    Affected Products : dragon
    • Published: Jul. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2024-21211

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Orac... Read more

    • Published: Oct. 15, 2024
    • Modified: Jun. 23, 2025

  • 3.7

    LOW
    CVE-2010-1161

    Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.... Read more

    Affected Products : nano
    • Published: Apr. 16, 2010
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2008-0883

    acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.... Read more

    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293645 Results