Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2023-38546

    This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for s... Read more

    Affected Products : curl libcurl
    • Published: Oct. 18, 2023
    • Modified: Feb. 13, 2025

  • 3.7

    LOW
    CVE-2021-41136

    Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request throu... Read more

    Affected Products : debian_linux puma
    • Published: Oct. 12, 2021
    • Modified: May. 27, 2025

  • 3.7

    LOW
    CVE-2015-0121

    IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirem... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2021-42948

    HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.... Read more

    Affected Products : hoteldruid
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2006-4886

    The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clic... Read more

    Affected Products : virusscan_enterprise scan_engine
    • Published: Sep. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-42010

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-3375

    An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has... Read more

    Affected Products : gitlab
    • Published: Apr. 05, 2023
    • Modified: Feb. 10, 2025

  • 3.7

    LOW
    CVE-2020-26229

    TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not pos... Read more

    Affected Products : typo3
    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2000-0799

    inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.... Read more

    Affected Products : irix
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-40160

    Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.... Read more

    Affected Products :
    • Published: Mar. 18, 2024
    • Modified: Mar. 24, 2025

  • 3.7

    LOW
    CVE-2022-45433

    Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the tr... Read more

    • Published: Dec. 27, 2022
    • Modified: Apr. 14, 2025

  • 3.7

    LOW
    CVE-2023-30857

    @aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` deco... Read more

    Affected Products : ion
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-2583

    A race condition can cause incorrect HTTP request routing.... Read more

    Affected Products : gobase
    • Published: Dec. 27, 2022
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-43427

    A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third part... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 3.7

    LOW
    CVE-2023-5117

    An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the ... Read more

    Affected Products : gitlab
    • Published: Dec. 25, 2024
    • Modified: Jul. 11, 2025

  • 3.7

    LOW
    CVE-2023-28168

    Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 3.7

    LOW
    CVE-2024-31265

    Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34. ... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-2355

    A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information... Read more

    Affected Products : secret-coder-php-project
    • Published: Mar. 10, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-3689

    A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads t... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2021-2448

    Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high ... Read more

    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293589 Results