Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2020-24587

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments wh... Read more

    • EPSS Score: %0.34
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2015-2625

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.... Read more

    Affected Products : jdk jre jrockit
    • EPSS Score: %1.86
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-0820

    Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbo... Read more

    Affected Products : firefox ubuntu_linux opensuse
    • EPSS Score: %0.30
    • Published: Feb. 25, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2025-25183

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Pr... Read more

    Affected Products : vllm
    • Published: Feb. 07, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 2.6

    LOW
    CVE-2024-37181

    Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Race Condition

  • 2.6

    LOW
    CVE-2009-0071

    Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) q... Read more

    Affected Products : firefox
    • EPSS Score: %5.85
    • Published: Jan. 08, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-1049

    Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could... Read more

    Affected Products : postnuke
    • EPSS Score: %13.24
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-1499

    acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy serv... Read more

    Affected Products : debian_linux tinyproxy
    • EPSS Score: %0.78
    • Published: Apr. 29, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2004-0837

    MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.... Read more

    Affected Products : debian_linux mysql mysql
    • EPSS Score: %2.36
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0232

    Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen... Read more

    Affected Products : firefox
    • EPSS Score: %1.32
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2014

    Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.... Read more

    Affected Products : wget
    • EPSS Score: %0.12
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-4456

    ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by levera... Read more

    Affected Products : owncloud_desktop_client
    • EPSS Score: %0.16
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2010-4472

    Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous info... Read more

    Affected Products : jre jdk
    • EPSS Score: %8.00
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-4265

    The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 throug... Read more

    • EPSS Score: %1.03
    • Published: Dec. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5772

    Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %1.47
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1786

    Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is n... Read more

    Affected Products : document_server
    • EPSS Score: %5.47
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-1729

    The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.... Read more

    Affected Products : firefox mac_os_x
    • EPSS Score: %0.43
    • Published: Sep. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2003-0282

    Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.... Read more

    • EPSS Score: %12.23
    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-2207

    pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.... Read more

    Affected Products : fedora glibc
    • EPSS Score: %0.07
    • Published: Oct. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-5559

    Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web scrip... Read more

    Affected Products : ctools
    • EPSS Score: %0.19
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291623 Results