Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2025-46570

    vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (... Read more

    Affected Products : vllm
    • Published: May. 29, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2025-32435

    Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 2.6

    LOW
    CVE-2025-48938

    go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Path Traversal

  • 2.6

    LOW
    CVE-2012-1164

    slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.... Read more

    Affected Products : openldap
    • EPSS Score: %15.20
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-4071

    Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.... Read more

    Affected Products : otrs
    • EPSS Score: %0.44
    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-4744

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.29
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-1253

    Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.... Read more

    Affected Products : webmail roundcube_webmail
    • EPSS Score: %0.25
    • Published: Jun. 04, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5587

    Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 du... Read more

    Affected Products : rt request_tracker
    • EPSS Score: %0.41
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-6100

    Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset param... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.50
    • Published: Nov. 23, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2015-7046

    The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root p... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • EPSS Score: %0.74
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-3571

    socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based o... Read more

    Affected Products : socat
    • EPSS Score: %0.82
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-2037

    httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack... Read more

    Affected Products : ubuntu_linux httplib2
    • EPSS Score: %0.49
    • Published: Jan. 18, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-6502

    Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.... Read more

    Affected Products : jdk jre
    • EPSS Score: %3.02
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-1980

    Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter.... Read more

    Affected Products : online_banking
    • EPSS Score: %0.62
    • Published: Apr. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1969

    Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web s... Read more

    Affected Products : portal_pack
    • EPSS Score: %0.53
    • Published: Apr. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1975

    Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in PHP-Gastebuch 1.61 allows remote attackers to inject arbitrary web script or HTML via the Kommentar field.... Read more

    Affected Products : php-gastebuch
    • EPSS Score: %0.40
    • Published: Apr. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0717

    A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.... Read more

    • EPSS Score: %6.61
    • Published: May. 07, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2025-55285

    @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly... Read more

    Affected Products : backstage
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2024-28864

    SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs wh... Read more

    Affected Products :
    • Published: Mar. 18, 2024
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2024-7998

    In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Aug. 21, 2024
    • Modified: Jul. 02, 2025
Showing 20 of 291219 Results