Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2023-22036

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edi... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-22044

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise ... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-22045

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle Gra... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-22049

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle G... Read more

    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2006-4393

    Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2023-22025

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.... Read more

    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2008-3294

    src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file... Read more

    Affected Products : vim
    • Published: Jul. 24, 2008
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2023-38700

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.... Read more

    Affected Products : matrix_irc_bridge
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-24473

    A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windo... Read more

    Affected Products : forticlient
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2023-49559

    An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.... Read more

    Affected Products :
    • Published: Jun. 12, 2024
    • Modified: Dec. 03, 2024

  • 3.7

    LOW
    CVE-2023-47769

    Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through 6.1.3.... Read more

    Affected Products : wp_maintenance
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-49741

    Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3.... Read more

    Affected Products :
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2025-51586

    An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.... Read more

    Affected Products : prestashop
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-59376

    feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word (i.e., "version") is not... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2024-25616

    Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depe... Read more

    Affected Products : arubaos
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 3.7

    LOW
    CVE-2025-59377

    feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and CVE-2025-53355.... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 3.7

    LOW
    CVE-2023-33849

    IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.... Read more

    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2006-4886

    The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clic... Read more

    Affected Products : virusscan_enterprise scan_engine
    • Published: Sep. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2013-5229

    The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restri... Read more

    Affected Products : mac_os_x apple_remote_desktop
    • Published: Nov. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2000-1096

    crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute a... Read more

    Affected Products : vixie_cron
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 294267 Results