Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2004-2394

    Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.... Read more

    • EPSS Score: %0.08
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0235

    Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.... Read more

    Affected Products : debian_linux
    • EPSS Score: %0.10
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-2146

    mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to d... Read more

    Affected Products : esx esxi player workstation fusion
    • EPSS Score: %0.08
    • Published: Jun. 06, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-3111

    The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.... Read more

    Affected Products : backupninja
    • EPSS Score: %0.08
    • Published: Sep. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0524

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.... Read more

    Affected Products : linux_kernel aix ios macos hp-ux mac_os_x solaris netware windows tru64 +4 more products
    • EPSS Score: %0.70
    • Published: Aug. 01, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1394

    Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.... Read more

    Affected Products : linux_kernel linux
    • EPSS Score: %0.06
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-3435

    Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.12
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-4153

    Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_ur... Read more

    Affected Products : wordpress
    • EPSS Score: %0.46
    • Published: Aug. 03, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2003-0367

    znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : debian_linux gzip
    • EPSS Score: %0.14
    • Published: Jul. 02, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-3372

    The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.... Read more

    Affected Products : avahi
    • EPSS Score: %0.10
    • Published: Jun. 22, 2007
    • Modified: Apr. 09, 2025

  • 2.0

    LOW
    CVE-2025-4599

    The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025

  • 2.0

    LOW
    CVE-2024-57257

    A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.... Read more

    Affected Products : u-boot
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025

  • 2.0

    LOW
    CVE-2024-38372

    Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2.... Read more

    Affected Products : undici
    • Published: Jul. 08, 2024
    • Modified: Nov. 21, 2024

  • 2.0

    LOW
    CVE-2024-35196

    Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verificat... Read more

    Affected Products : sentry
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024

  • 2.0

    LOW
    CVE-2024-53262

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered... Read more

    Affected Products : sveltekit
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 2.0

    LOW
    CVE-2024-52008

    Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces passwo... Read more

    Affected Products : fides
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 2.0

    LOW
    CVE-2024-53261

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scr... Read more

    Affected Products : sveltekit
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 2.0

    LOW
    CVE-2024-3995

    In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins.... Read more

    Affected Products : helix_alm
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 2.0

    LOW
    CVE-2025-5941

    Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based ... Read more

    Affected Products : netskope
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 2.0

    LOW
    CVE-2025-47820

    Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
Showing 20 of 291157 Results