Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2025-46712

    Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allo... Read more

    Affected Products : otp
    • Published: May. 08, 2025
    • Modified: May. 12, 2025

  • 3.7

    LOW
    CVE-2025-29923

    go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen when the client is... Read more

    Affected Products :
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Race Condition

  • 3.7

    LOW
    CVE-2024-48341

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.7

    LOW
    CVE-2025-58272

    Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.7

    LOW
    CVE-2024-30130

    HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.... Read more

    Affected Products : nomad_server_on_domino
    • Published: Jul. 19, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-36325

    i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Nov. 04, 2024

  • 3.7

    LOW
    CVE-2022-21624

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-21619

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition:... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2022-39399

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 a... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-47818

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS Hide Login: from n/a through 2.1.8.... Read more

    Affected Products : lws_hide_login
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-40160

    Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.... Read more

    Affected Products :
    • Published: Mar. 18, 2024
    • Modified: Mar. 24, 2025

  • 3.7

    LOW
    CVE-2000-0799

    inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.... Read more

    Affected Products : irix
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-33847

    IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link ... Read more

    • Published: Jun. 08, 2023
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2024-39886

    TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of ... Read more

    Affected Products :
    • Published: Jul. 10, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2021-37845

    An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in R... Read more

    Affected Products : webcit
    • Published: May. 29, 2023
    • Modified: Jan. 14, 2025

  • 3.7

    LOW
    CVE-2025-49221

    Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2001-1085

    Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : lmail
    • Published: Jul. 05, 2001
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2004-1683

    A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap.... Read more

    Affected Products : rtos
    • Published: Sep. 13, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2023-49822

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10.... Read more

    Affected Products :
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2023-30857

    @aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` deco... Read more

    Affected Products : ion
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294329 Results