Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (listed in the CISA Known Exploited Vulnerabilities catalog, KEV), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2025-0049

    When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path, which may allow fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-4038

    A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads t... Read more

    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2023-50290

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to ... Read more

    Affected Products : solr
    • EPSS Score: 92.90%
    • Published: Jan. 15, 2024
    • Modified: May. 09, 2025
  • 8.6

    HIGH
    CVE-2025-27773

    The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirec... Read more

    Affected Products : saml2
    • Published: Mar. 11, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Authentication
  • 4.4

    MEDIUM
    CVE-2025-22870

    Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be ... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration
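The zone-ID confusion described for CVE-2025-22870, shown as an added example in Go. This is illustrative code written for this page, not the golang.org/x/net proxy code: a naive matcher that strips the brackets and treats whatever remains as a domain name for suffix matching, beside a hardened one that classifies the host as an IP literal (zone ID discarded) before any domain-suffix comparison is attempted. The NO_PROXY handling is simplified to a single entry in "*.domain", exact-host, IP, or CIDR form, and the request hosts in main are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// stripPort returns the host part of a host:port string as it appears in
// url.URL.Host, removing the port and the [] around an IPv6 literal.
func stripPort(hostport string) string {
	if strings.HasPrefix(hostport, "[") {
		if end := strings.IndexByte(hostport, ']'); end > 0 {
			return hostport[1:end]
		}
		return hostport[1:]
	}
	if i := strings.LastIndexByte(hostport, ':'); i >= 0 {
		return hostport[:i]
	}
	return hostport
}

// naiveNoProxyMatch is an illustrative reconstruction of the flawed behaviour
// described for CVE-2025-22870 (not the golang.org/x/net code): the host is
// treated as a domain name and matched by suffix against a "*.domain" entry.
// "::1%25.example.com" is an IPv6 literal whose zone ID is the percent-encoded
// "%.example.com"; as a string it ends in ".example.com", so it matches and
// the request wrongly bypasses the proxy.
func naiveNoProxyMatch(hostport, pattern string) bool {
	host := strings.ToLower(stripPort(hostport))
	if strings.HasPrefix(pattern, "*.") {
		return strings.HasSuffix(host, strings.ToLower(pattern[1:]))
	}
	return host == strings.ToLower(pattern)
}

// hardenedNoProxyMatch decides first whether the host is an IP literal. The
// zone ID (everything from '%' on, which also covers the "%25" encoding of
// '%') is discarded before parsing, because a zone never changes which proxy
// rule applies. IP literals are matched only against IP or CIDR entries; a
// domain-suffix entry such as "*.example.com" can never match them.
func hardenedNoProxyMatch(hostport, pattern string) bool {
	host := strings.ToLower(stripPort(hostport))
	if i := strings.IndexByte(host, '%'); i >= 0 {
		host = host[:i]
	}
	if addr, err := netip.ParseAddr(host); err == nil {
		return matchIPEntry(addr, pattern)
	}
	if strings.HasPrefix(pattern, "*.") {
		return strings.HasSuffix(host, strings.ToLower(pattern[1:]))
	}
	return host == strings.ToLower(pattern)
}

// matchIPEntry matches an address against a single IP or CIDR NO_PROXY entry.
// Any other entry form (a domain, a wildcard) does not match an IP literal.
func matchIPEntry(addr netip.Addr, pattern string) bool {
	if p, err := netip.ParsePrefix(pattern); err == nil {
		return p.Contains(addr)
	}
	if e, err := netip.ParseAddr(pattern); err == nil {
		return e == addr
	}
	return false
}

func main() {
	// Constructed request hosts, all matched against NO_PROXY="*.example.com".
	for _, h := range []string{"api.example.com:443", "[::1%25.example.com]:80", "[::1]:80"} {
		fmt.Printf("%-28s naive=%-5v hardened=%v\n", h,
			naiveNoProxyMatch(h, "*.example.com"), hardenedNoProxyMatch(h, "*.example.com"))
	}
}
```

The check worth copying is the order of operations: classify the host as an IP literal before any string comparison with domain entries, and strip the zone before classifying. A matcher that only rejects the literal "%25" sequence would still be fooled by a raw "%" in the same position.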
  • 5.3

    MEDIUM
    CVE-2024-38828

    Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.... Read more

    Affected Products : spring_framework
    • Published: Nov. 18, 2024
    • Modified: May. 09, 2025
  • 0.0

    NA
    CVE-2024-35890

    In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skb_segment_list those skbs can be reused as-... Read more

    Affected Products : linux_kernel
    • Published: May. 19, 2024
    • Modified: May. 09, 2025
  • 4.3

    MEDIUM
    CVE-2024-11741

    Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, ... Read more

    Affected Products : grafana
    • Published: Jan. 31, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2024-10976

    Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases ... Read more

    Affected Products : postgresql
    • Published: Nov. 14, 2024
    • Modified: May. 09, 2025
  • 6.5

    MEDIUM
    CVE-2023-24626

    socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target proc... Read more

    Affected Products : screen
    • EPSS Score: 0.06%
    • Published: Apr. 08, 2023
    • Modified: May. 09, 2025
  • 7.5

    HIGH
    CVE-2022-3725

    Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : fedora wireshark
    • EPSS Score: 0.06%
    • Published: Oct. 27, 2022
    • Modified: May. 09, 2025
  • 6.1

    MEDIUM
    CVE-2022-25849

    All versions of the package joyqi/hyper-down (from 0.0.0) are vulnerable to Cross-site Scripting (XSS) because the markdown parser module does not properly filter the href attribute.... Read more

    Affected Products : hyperdown
    • EPSS Score: 0.11%
    • Published: Oct. 26, 2022
    • Modified: May. 09, 2025
  • 7.5

    HIGH
    CVE-2021-28831

    decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.... Read more

    Affected Products : fedora debian_linux busybox
    • EPSS Score: 0.88%
    • Published: Mar. 19, 2021
    • Modified: May. 09, 2025
  • 9.8

    CRITICAL
    CVE-2021-26937

    encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.... Read more

    Affected Products : fedora debian_linux screen
    • EPSS Score: 2.98%
    • Published: Feb. 09, 2021
    • Modified: May. 09, 2025
  • 9.8

    CRITICAL
    CVE-2020-8165

    A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.... Read more

    Affected Products : debian_linux leap rails
    • EPSS Score: 90.96%
    • Published: Jun. 19, 2020
    • Modified: May. 09, 2025
  • 10.0

    HIGH
    CVE-2015-0240

    The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute ar... Read more

    • EPSS Score: 92.17%
    • Published: Feb. 24, 2015
    • Modified: May. 09, 2025
  • 7.0

    HIGH
    CVE-2025-46327

    gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configura... Read more

    Affected Products : gosnowflake
    • Published: Apr. 28, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Race Condition
  • 7.0

    HIGH
    CVE-2025-46328

    snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads l... Read more

    Affected Products : snowflake_connector
    • Published: Apr. 28, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Race Condition
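The check-then-use race behind CVE-2025-46327 (gosnowflake) and CVE-2025-46328 (snowflake-connector-nodejs) above, shown once as an added example in Go. This is illustrative code written for this page, not the Snowflake drivers' own code: a loader that stats the config path and then reads the path again by name, beside one that opens the file once, runs the check on the open descriptor, and reads from that same descriptor. The file name sf_client_config.json, the JSON keys, and the exact trust check (regular file, owned by the current user, not group- or world-writable) are assumptions, since the page only states that a TOCTOU race exists in how the logging configuration is read. The race window is simulated deterministically through a hook that runs between check and use.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
	"syscall"
)

// policyOK is this example's trust check on a logging config file: a regular
// file, owned by the running user, not writable by group or others (assumed).
func policyOK(info fs.FileInfo, err error) error {
	if err != nil {
		return err
	}
	if !info.Mode().IsRegular() {
		return errors.New("not a regular file")
	}
	if info.Mode().Perm()&0o022 != 0 {
		return errors.New("config file is group- or world-writable")
	}
	if st, ok := info.Sys().(*syscall.Stat_t); ok && int(st.Uid) != os.Getuid() {
		return errors.New("config file is not owned by the current user")
	}
	return nil
}

// loadConfigRacy is the TOCTOU pattern: stat the path, then open and read it
// again by name. between stands in for the attacker's window; whatever sits at
// the path when ReadFile runs is loaded, checked or not.
func loadConfigRacy(path string, between func()) ([]byte, error) {
	if err := policyOK(os.Stat(path)); err != nil {
		return nil, err
	}
	between()
	return os.ReadFile(path)
}

// loadConfigSafe opens once (refusing a symlink as the final component), runs
// the same check on the open descriptor via fstat, and reads that descriptor.
func loadConfigSafe(path string, between func()) ([]byte, error) {
	f, err := os.OpenFile(path, os.O_RDONLY|syscall.O_NOFOLLOW, 0)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	if err := policyOK(f.Stat()); err != nil {
		return nil, err
	}
	between() // a swap of the path here no longer changes what is read
	return io.ReadAll(f)
}

// runDemo writes a constructed config (name and keys assumed), then has an
// "attacker" rename a world-writable file over it between check and use of
// each loader. It returns what each loader actually read.
func runDemo(dir string) (racy, safe string, err error) {
	cfg := filepath.Join(dir, "sf_client_config.json")
	good := `{"common":{"log_level":"INFO"}}`
	evil := `{"common":{"log_level":"TRACE","log_path":"/tmp/attacker"}}`
	writeGood := func() error {
		_ = os.Remove(cfg) // fresh inode, so the 0600 mode below is applied
		return os.WriteFile(cfg, []byte(good), 0o600)
	}
	swap := func() {
		evilPath := filepath.Join(dir, "attacker.json")
		_ = os.WriteFile(evilPath, []byte(evil), 0o666)
		_ = os.Chmod(evilPath, 0o666) // explicit: umask masks WriteFile's mode
		_ = os.Rename(evilPath, cfg)   // atomic replacement at the same path
	}
	if err = writeGood(); err != nil {
		return "", "", err
	}
	r, err := loadConfigRacy(cfg, swap) // reads the swapped file
	if err != nil {
		return "", "", err
	}
	if err = writeGood(); err != nil {
		return "", "", err
	}
	s, err := loadConfigSafe(cfg, swap) // still reads the file it checked
	if err != nil {
		return "", "", err
	}
	return string(r), string(s), nil
}

func main() {
	dir, err := os.MkdirTemp("", "toctou-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	racy, safe, err := runDemo(dir)
	fmt.Printf("check-then-read: %s\nopen-then-fstat: %s\nerr: %v\n", racy, safe, err)
}
```

After runDemo returns, the config path holds the attacker's 0666 file, so a fresh loadConfigSafe of it is refused by the permission check; the point of the fix is that the check and the read refer to the same open file, so the attacker cannot make the checked file and the read file differ. The O_NOFOLLOW flag is the Linux/macOS spelling; on other platforms substitute the equivalent.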
  • 3.3

    LOW
    CVE-2025-46329

    libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encry... Read more

    Affected Products : connector_for_c/c++
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Information Disclosure
  • 3.3

    LOW
    CVE-2025-46330

    libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_... Read more

    Affected Products : connector_for_c/c++
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
Showing 20 of 291717 Results