Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.8

    LOW
    CVE-2007-2999

    Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers t... Read more

    • EPSS Score: %1.25
    • Published: Jun. 04, 2007
    • Modified: Apr. 09, 2025

  • 1.8

    LOW
    CVE-2014-4812

    The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port.... Read more

    Affected Products : security_appscan_source
    • EPSS Score: %0.11
    • Published: Oct. 26, 2014
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2016-0453

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server.... Read more

    Affected Products : glassfish_server fusion_middleware
    • EPSS Score: %0.52
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2025-23206

    The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprin... Read more

    Affected Products : aws_cloud_development_kit
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Misconfiguration

  • 1.8

    LOW
    CVE-2025-32382

    Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase (either updating a password or changing password to private key or vice versa), Metabase would not always purge older... Read more

    Affected Products : metabase
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Information Disclosure

  • 1.8

    LOW
    CVE-2021-2147

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure w... Read more

    • EPSS Score: %0.08
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2024-36119

    Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the `user:register_form` tag will have their password confirmation stored in plain text in their user file. This only affects sites matchin... Read more

    Affected Products : statamic
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2012-2420

    The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to obtain sensitive information via a URI wi... Read more

    Affected Products : internet_explorer quickbooks
    • EPSS Score: %0.16
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2012-2419

    Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memo... Read more

    Affected Products : internet_explorer quickbooks
    • EPSS Score: %0.12
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2012-2423

    The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different responses to remote requests depending on whether a ZIP... Read more

    Affected Products : internet_explorer quickbooks
    • EPSS Score: %0.13
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2025-30166

    Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session co... Read more

    Affected Products : admin_classic_bundle
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.8

    LOW
    CVE-2018-3270

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where S... Read more

    Affected Products : solaris solaris
    • EPSS Score: %0.19
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2024-2567

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The ma... Read more

    Affected Products :
    • Published: Mar. 17, 2024
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2012-2421

    Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to ... Read more

    Affected Products : internet_explorer quickbooks
    • EPSS Score: %0.12
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2025-0885

    Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow unauthorized access to calendar items marked private. This issue affects GroupWise versio... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 1.8

    LOW
    CVE-2023-21928

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: IPS repository daemon). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Ora... Read more

    Affected Products : solaris solaris
    • EPSS Score: %0.04
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2011-3561

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.... Read more

    Affected Products : jdk jre jre jdk javafx
    • EPSS Score: %0.52
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2025-47278

    Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by ... Read more

    Affected Products : flask
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cryptography

  • 1.8

    LOW
    CVE-2019-3008

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris... Read more

    Affected Products : solaris solaris
    • EPSS Score: %0.28
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 1.7

    LOW
    CVE-2007-0288

    Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.... Read more

    Affected Products : application_server
    • EPSS Score: %0.37
    • Published: Jan. 17, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291562 Results