Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.2

    LOW
    CVE-2020-13353

    When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.... Read more

    Affected Products : gitaly
    • EPSS Score: %0.08
    • Published: Nov. 17, 2020
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2021-20203

    An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash th... Read more

    Affected Products : fedora debian_linux qemu
    • EPSS Score: %0.02
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2007-0282

    Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.... Read more

    • EPSS Score: %0.33
    • Published: Jan. 17, 2007
    • Modified: Apr. 09, 2025

  • 3.2

    LOW
    CVE-2025-46394

    In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.... Read more

    Affected Products : busybox
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Information Disclosure

  • 3.2

    LOW
    CVE-2014-7251

    XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.... Read more

    Affected Products : fast\/tools
    • EPSS Score: %0.08
    • Published: Dec. 06, 2014
    • Modified: Apr. 12, 2025

  • 3.2

    LOW
    CVE-2010-3508

    Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Zones.... Read more

    Affected Products : solaris
    • EPSS Score: %0.16
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2018-1725

    IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.... Read more

    • EPSS Score: %0.06
    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2021-25332

    Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.... Read more

    Affected Products : pay_mini
    • EPSS Score: %0.07
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2010-2382

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : solaris
    • EPSS Score: %0.19
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2021-25333

    Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.... Read more

    Affected Products : pay_mini
    • EPSS Score: %0.07
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2025-24034

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access to... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Information Disclosure

  • 3.2

    LOW
    CVE-2022-29816

    In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible... Read more

    Affected Products : intellij_idea
    • EPSS Score: %0.00
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2015-5011

    IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, ... Read more

    • EPSS Score: %0.12
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.2

    LOW
    CVE-2013-4373

    The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.... Read more

    Affected Products : jboss_operations_network
    • EPSS Score: %0.05
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2021-36170

    An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.... Read more

    Affected Products : fortimanager fortianalyzer
    • EPSS Score: %0.05
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-36066

    The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for ... Read more

    Affected Products : ejbca
    • Published: Sep. 12, 2024
    • Modified: Mar. 25, 2025

  • 3.1

    LOW
    CVE-2022-36117

    An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access co... Read more

    Affected Products : blue_prism
    • EPSS Score: %0.44
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-46824

    The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit e... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2023-32677

    Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and be... Read more

    Affected Products : zulip zulip_server
    • EPSS Score: %0.05
    • Published: May. 19, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-41945

    fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the `fund... Read more

    Affected Products :
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291783 Results