Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2024-10920

    A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters... Read more

    Affected Products : travels-java-api
    • Published: Nov. 06, 2024
    • Modified: Nov. 22, 2024

  • 3.7

    LOW
    CVE-2024-30110

    HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways.... Read more

    Affected Products :
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-30109

    HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.... Read more

    Affected Products :
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-28858

    redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response... Read more

    Affected Products : redis redis-py
    • Published: Mar. 26, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-23165

    In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on ever... Read more

    Affected Products : node.js
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2023-32251

    A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of async... Read more

    Affected Products : linux_kernel
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2003-1058

    The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on tempor... Read more

    Affected Products : solaris sunos
    • Published: Dec. 03, 2003
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2000-0579

    IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.... Read more

    Affected Products : irix
    • Published: Jun. 21, 2000
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2000-0578

    SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user.... Read more

    Affected Products : mipspro_compilers
    • Published: Jun. 21, 2000
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2003-0480

    VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."... Read more

    Affected Products : workstation
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2005-4268

    Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.... Read more

    Affected Products : cpio
    • Published: Dec. 15, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2025-24473

    A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windo... Read more

    Affected Products : forticlient
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2024-25616

    Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depe... Read more

    Affected Products : arubaos
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 3.7

    LOW
    CVE-2006-1166

    Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context... Read more

    Affected Products : monotone
    • Published: Mar. 12, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2024-46665

    An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-req... Read more

    Affected Products : fortios
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-49005

    Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to ... Read more

    Affected Products : next.js vercel
    • Published: Jul. 03, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2025-53492

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2025-4654

    The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticat... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2008-4229

    Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.... Read more

    Affected Products : iphone_os ipod_touch
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2008-1696

    Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter.... Read more

    Affected Products : dazphpnews
    • Published: Apr. 08, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293622 Results