Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.8

    LOW
    CVE-2018-3270

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where S... Read more

    Affected Products : solaris solaris
    • EPSS Score: %0.19
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2024-12057

    User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the ... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 1.8

    LOW
    CVE-2023-21928

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: IPS repository daemon). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Ora... Read more

    Affected Products : solaris solaris
    • EPSS Score: %0.04
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2024-36119

    Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the `user:register_form` tag will have their password confirmation stored in plain text in their user file. This only affects sites matchin... Read more

    Affected Products : statamic
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2013-0179

    The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not accou... Read more

    Affected Products : memcached
    • EPSS Score: %1.34
    • Published: Jan. 13, 2014
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2017-10122

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure whe... Read more

    Affected Products : solaris solaris
    • EPSS Score: %0.09
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 1.8

    LOW
    CVE-2012-2425

    The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) v... Read more

    Affected Products : internet_explorer quickbooks
    • EPSS Score: %0.21
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2016-8284

    Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.... Read more

    Affected Products : mysql
    • EPSS Score: %0.08
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2011-3561

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.... Read more

    Affected Products : jdk jre jre jdk javafx
    • EPSS Score: %0.52
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2013-7290

    The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the ... Read more

    Affected Products : memcached
    • EPSS Score: %0.21
    • Published: Jan. 13, 2014
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2013-7291

    memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree,"... Read more

    Affected Products : memcached
    • EPSS Score: %0.21
    • Published: Jan. 13, 2014
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2024-51746

    Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to ... Read more

    Affected Products : gitsign
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 1.8

    LOW
    CVE-2025-23206

    The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprin... Read more

    Affected Products : aws_cloud_development_kit
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025

  • 1.8

    LOW
    CVE-2024-5532

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.  The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal... Read more

    Affected Products :
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024

  • 1.8

    LOW
    CVE-2025-21520

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker wi... Read more

    Affected Products : mysql_server mysql_cluster
    • Published: Jan. 21, 2025
    • Modified: Apr. 09, 2025

  • 1.8

    LOW
    CVE-2021-35618

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communicati... Read more

    • EPSS Score: %0.32
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2025-47278

    Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by ... Read more

    Affected Products : flask
    • Published: May. 13, 2025
    • Modified: May. 13, 2025

  • 1.8

    LOW
    CVE-2012-2421

    Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to ... Read more

    Affected Products : internet_explorer quickbooks
    • EPSS Score: %0.12
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2012-2419

    Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memo... Read more

    Affected Products : internet_explorer quickbooks
    • EPSS Score: %0.12
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2012-2420

    The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to obtain sensitive information via a URI wi... Read more

    Affected Products : internet_explorer quickbooks
    • EPSS Score: %0.16
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291138 Results