Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2024-55593

    A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries... Read more

    Affected Products : fortiweb
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2023-1084

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner le... Read more

    Affected Products : gitlab
    • Published: Mar. 09, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-38823

    Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2024-4195

    Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests. ... Read more

    Affected Products : mattermost_server
    • Published: Apr. 26, 2024
    • Modified: May. 12, 2025

  • 2.7

    LOW
    CVE-2024-29733

    Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl... Read more

    Affected Products : apache-airflow-providers-ftp
    • Published: Apr. 21, 2024
    • Modified: Jul. 10, 2025

  • 2.7

    LOW
    CVE-2024-41728

    Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise ... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 16, 2024

  • 2.6

    LOW
    CVE-2006-2311

    Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in th... Read more

    • Published: Jun. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0141

    Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.... Read more

    Affected Products : firefox mozilla
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0144

    Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.... Read more

    Affected Products : firefox mozilla
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4567

    Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a mal... Read more

    Affected Products : firefox thunderbird enterprise_linux
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1126

    Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, includin... Read more

    Affected Products : linux mozilla galeon_browser
    • Published: Sep. 24, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0473

    Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-... Read more

    Affected Products : opera_browser
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2025-27707

    Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 2.6

    LOW
    CVE-2025-2826

    n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.... Read more

    Affected Products : eos
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 2.6

    LOW
    CVE-2024-30252

    Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an a... Read more

    Affected Products :
    • Published: Apr. 04, 2024
    • Modified: Aug. 27, 2025

  • 2.6

    LOW
    CVE-2010-0039

    The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP a... Read more

    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2024-45719

    Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users a... Read more

    Affected Products : answer
    • Published: Nov. 22, 2024
    • Modified: Jul. 01, 2025

  • 2.6

    LOW
    CVE-2006-2093

    Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharin... Read more

    Affected Products : nessus
    • Published: Apr. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2016

    Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engi... Read more

    Affected Products : debian_linux phpldapadmin
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2018-0942

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Interne... Read more

    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293250 Results