Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.9

    LOW
    CVE-2024-58253

    In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value.... Read more

    Affected Products :
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Misconfiguration

  • 2.9

    LOW
    CVE-2025-27576

    Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 2.9

    LOW
    CVE-2025-47952

    Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to ... Read more

    Affected Products : traefik
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Path Traversal

  • 2.9

    LOW
    CVE-2014-0131

    Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.... Read more

    • EPSS Score: %0.10
    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2013-0571

    Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web ... Read more

    • EPSS Score: %0.19
    • Published: Apr. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2010-4211

    The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.... Read more

    Affected Products : iphone_os paypal
    • EPSS Score: %0.08
    • Published: Nov. 09, 2010
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2025-47774

    Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the `slice()` builtin can elide side effects when the output length is 0, and the source bytestring is a builtin (`msg.data` or `<addres... Read more

    Affected Products : vyper
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Denial of Service

  • 2.9

    LOW
    CVE-2014-3970

    The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.... Read more

    Affected Products : pulseaudio
    • EPSS Score: %0.63
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2012-4049

    epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.... Read more

    Affected Products : wireshark opensuse
    • EPSS Score: %0.58
    • Published: Jul. 24, 2012
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2016-3485

    Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.... Read more

    Affected Products : jdk jre jrockit
    • EPSS Score: %0.07
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2015-4640

    The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP... Read more

    • EPSS Score: %0.20
    • Published: Jun. 19, 2015
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2013-1574

    The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause ... Read more

    Affected Products : wireshark
    • EPSS Score: %0.23
    • Published: Feb. 03, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2012-2422

    Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality.... Read more

    Affected Products : quickbooks
    • EPSS Score: %0.13
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2013-1589

    Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.... Read more

    Affected Products : wireshark
    • EPSS Score: %0.26
    • Published: Feb. 03, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2013-1579

    The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to ... Read more

    Affected Products : wireshark
    • EPSS Score: %0.23
    • Published: Feb. 03, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2012-6334

    The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS l... Read more

    • EPSS Score: %0.10
    • Published: Dec. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2013-3984

    The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission w... Read more

    Affected Products : sametime sametime_meeting_server
    • EPSS Score: %0.11
    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2024-40640

    vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This ... Read more

    Affected Products :
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 2.9

    LOW
    CVE-2013-5218

    Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in ... Read more

    • EPSS Score: %1.13
    • Published: Dec. 30, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2013-3985

    The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable.... Read more

    • EPSS Score: %0.11
    • Published: Nov. 09, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291570 Results