Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-20148

    In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.... Read more

    Affected Products : logcheck
    • EPSS Score: %0.11
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2017-20147

    In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs whe... Read more

    Affected Products : smokeping
    • EPSS Score: %0.06
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 7.5

    HIGH
    CVE-2016-20015

    In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokepi... Read more

    Affected Products : smokeping
    • EPSS Score: %0.12
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 10.0

    HIGH
    CVE-2014-1776

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploit... Read more

    • Actively Exploited
    • EPSS Score: %78.23
    • Published: Apr. 27, 2014
    • Modified: May. 29, 2025

  • 9.9

    CRITICAL
    CVE-2025-46673

    NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).... Read more

    Affected Products : cryptolib
    • Published: Apr. 27, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography

  • 9.9

    CRITICAL
    CVE-2025-46674

    NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.... Read more

    Affected Products : cryptolib
    • Published: Apr. 27, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2024-31099

    Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.... Read more

    • Published: Apr. 01, 2024
    • Modified: May. 29, 2025

  • 10.0

    CRITICAL
    CVE-2025-34028

    The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Exe... Read more

    Affected Products : linux_kernel windows commvault
    • Actively Exploited
    • Published: Apr. 22, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2024-3517

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This make... Read more

    • Published: May. 02, 2024
    • Modified: May. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-3341

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escap... Read more

    • Published: May. 02, 2024
    • Modified: May. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-1533

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it... Read more

    • Published: May. 02, 2024
    • Modified: May. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-1396

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This... Read more

    • Published: May. 02, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-37888

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from ... Read more

    • Published: May. 17, 2024
    • Modified: May. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-1348

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This m... Read more

    • Published: May. 02, 2024
    • Modified: May. 29, 2025

  • 2.3

    LOW
    CVE-2025-2545

    Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its suscepti... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2025-47905

    Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.... Read more

    Affected Products : varnish_cache
    • Published: May. 13, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Misconfiguration

  • 2.2

    LOW
    CVE-2024-51754

    Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or... Read more

    Affected Products : twig
    • Published: Nov. 06, 2024
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2025-5147

    A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The manipulation of the argument url leads to command injection.... Read more

    Affected Products :
    • Published: May. 25, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-5146

    A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_set of the file /usr/bin/routerd of the component HTTP He... Read more

    Affected Products :
    • Published: May. 25, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-32910

    A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.... Read more

    Affected Products : enterprise_linux
    • Published: Apr. 14, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291756 Results