Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2013-0404

    Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.... Read more

    Affected Products : sunos solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-4063

    A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to ini... Read more

    Affected Products :
    • Published: Apr. 23, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-4596

    A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack... Read more

    Affected Products : kimai
    • Published: May. 07, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2005-0953

    Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.... Read more

    Affected Products : bzip2
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2007-0235

    Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its add... Read more

    Affected Products : libgtop
    • Published: Jan. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2005-1727

    Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."... Read more

    Affected Products : mac_os_x_server
    • Published: Jun. 08, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2015-1841

    The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.... Read more

    Affected Products : enterprise_virtualization
    • Published: Sep. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2015-4834

    Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones.... Read more

    Affected Products : solaris
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2007-0472

    Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to... Read more

    Affected Products : smb4k
    • Published: Feb. 03, 2007
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2024-42332

    The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to ... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 3.7

    LOW
    CVE-2024-21217

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23;... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 3.7

    LOW
    CVE-2008-0883

    acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.... Read more

    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2013-7347

    Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-335... Read more

    Affected Products : enterprise_linux conga
    • Published: Mar. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2024-30110

    HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways.... Read more

    Affected Products :
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-39302

    BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0`... Read more

    Affected Products : bigbluebutton
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-49559

    An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.... Read more

    Affected Products :
    • Published: Jun. 12, 2024
    • Modified: Dec. 03, 2024

  • 3.7

    LOW
    CVE-2023-49741

    Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3.... Read more

    Affected Products :
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-47769

    Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through 6.1.3.... Read more

    Affected Products : wp_maintenance
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-30109

    HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.... Read more

    Affected Products :
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-59377

    feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and CVE-2025-53355.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection
Showing 20 of 293947 Results