Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.8

    LOW
    CVE-2015-1798

    The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MA... Read more

    Affected Products : ntp
    • Published: Apr. 08, 2015
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2021-35618

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communicati... Read more

    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2024-51746

    Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to ... Read more

    Affected Products : gitsign
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 1.8

    LOW
    CVE-2013-0179

    The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not accou... Read more

    Affected Products : memcached
    • Published: Jan. 13, 2014
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2025-47278

    Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by ... Read more

    Affected Products : flask
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cryptography

  • 1.8

    LOW
    CVE-2016-8284

    Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.... Read more

    Affected Products : mysql
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2016-0453

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server.... Read more

    Affected Products : glassfish_server fusion_middleware
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2025-30166

    Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session co... Read more

    Affected Products : admin_classic_bundle
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.8

    LOW
    CVE-2021-2147

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure w... Read more

    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2013-7290

    The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the ... Read more

    Affected Products : memcached
    • Published: Jan. 13, 2014
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2015-0875

    The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file.... Read more

    • Published: Feb. 15, 2015
    • Modified: Apr. 12, 2025

  • 1.7

    LOW
    CVE-2007-3700

    Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local u... Read more

    Affected Products : java_system_access_manager
    • Published: Jul. 11, 2007
    • Modified: Apr. 09, 2025

  • 1.7

    LOW
    CVE-2015-4767

    Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.... Read more

    Affected Products : ubuntu_linux mysql
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 1.7

    LOW
    CVE-2006-6653

    The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may re... Read more

    Affected Products : netbsd
    • Published: Dec. 20, 2006
    • Modified: Apr. 09, 2025

  • 1.7

    LOW
    CVE-2013-0982

    The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattend... Read more

    Affected Products : mac_os_x mac_os_x_server mac_os_x
    • Published: Jun. 05, 2013
    • Modified: Apr. 11, 2025

  • 1.7

    LOW
    CVE-2025-49824

    conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identi... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cryptography

  • 1.7

    LOW
    CVE-2013-2997

    IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.... Read more

    Affected Products : security_appscan
    • Published: Sep. 08, 2013
    • Modified: Apr. 11, 2025

  • 1.7

    LOW
    CVE-2005-2993

    Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).... Read more

    Affected Products : hp-ux tru64
    • Published: Sep. 20, 2005
    • Modified: Apr. 03, 2025

  • 1.7

    LOW
    CVE-2006-6510

    An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions.... Read more

    Affected Products : sitekiosk
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 1.7

    LOW
    CVE-2013-5885

    Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit.... Read more

    Affected Products : solaris sunos
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 294289 Results