Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-28638

    An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in... Read more

    • EPSS Score: %0.15
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2022-23695

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities ... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.35
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2022-23694

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities ... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.35
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2017-20148

    In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.... Read more

    Affected Products : logcheck
    • EPSS Score: %0.11
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2017-20147

    In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs whe... Read more

    Affected Products : smokeping
    • EPSS Score: %0.06
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 7.5

    HIGH
    CVE-2016-20015

    In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokepi... Read more

    Affected Products : smokeping
    • EPSS Score: %0.12
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 10.0

    HIGH
    CVE-2014-1776

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploit... Read more

    • Actively Exploited
    • EPSS Score: %78.23
    • Published: Apr. 27, 2014
    • Modified: May. 29, 2025

  • 9.9

    CRITICAL
    CVE-2025-46673

    NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).... Read more

    Affected Products : cryptolib
    • Published: Apr. 27, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography

  • 9.9

    CRITICAL
    CVE-2025-46674

    NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle.... Read more

    Affected Products : cryptolib
    • Published: Apr. 27, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2024-31099

    Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.... Read more

    • Published: Apr. 01, 2024
    • Modified: May. 29, 2025

  • 10.0

    CRITICAL
    CVE-2025-34028

    The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Exe... Read more

    Affected Products : linux_kernel windows commvault
    • Actively Exploited
    • Published: Apr. 22, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2024-3517

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This make... Read more

    • Published: May. 02, 2024
    • Modified: May. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-3341

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escap... Read more

    • Published: May. 02, 2024
    • Modified: May. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-1533

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it... Read more

    • Published: May. 02, 2024
    • Modified: May. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-1396

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This... Read more

    • Published: May. 02, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-37888

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from ... Read more

    • Published: May. 17, 2024
    • Modified: May. 29, 2025

  • 6.4

    MEDIUM
    CVE-2024-1348

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This m... Read more

    • Published: May. 02, 2024
    • Modified: May. 29, 2025

  • 2.3

    LOW
    CVE-2025-2545

    Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its suscepti... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2025-47905

    Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.... Read more

    Affected Products : varnish_cache
    • Published: May. 13, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Misconfiguration

  • 2.2

    LOW
    CVE-2024-51754

    Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or... Read more

    Affected Products : twig
    • Published: Nov. 06, 2024
    • Modified: May. 29, 2025
Showing 20 of 291779 Results