Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-27773

    The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirec... Read more

    Affected Products : saml2
    • Published: Mar. 11, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2025-22870

    Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be ... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2024-38828

    Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.... Read more

    Affected Products : spring_framework
    • Published: Nov. 18, 2024
    • Modified: May. 09, 2025

  • 0.0

    NA
    CVE-2024-35890

    In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skb_segment_list those skbs can be reused as-... Read more

    Affected Products : linux_kernel
    • Published: May. 19, 2024
    • Modified: May. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-11741

    Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3,  11.2.6, 11.1.11, ... Read more

    Affected Products : grafana
    • Published: Jan. 31, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-10976

    Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases ... Read more

    Affected Products : postgresql
    • Published: Nov. 14, 2024
    • Modified: May. 09, 2025

  • 6.5

    MEDIUM
    CVE-2023-24626

    socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target proc... Read more

    Affected Products : screen
    • EPSS Score: %0.06
    • Published: Apr. 08, 2023
    • Modified: May. 09, 2025

  • 7.5

    HIGH
    CVE-2022-3725

    Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : fedora wireshark
    • EPSS Score: %0.06
    • Published: Oct. 27, 2022
    • Modified: May. 09, 2025

  • 6.1

    MEDIUM
    CVE-2022-25849

    The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well.... Read more

    Affected Products : hyperdown
    • EPSS Score: %0.11
    • Published: Oct. 26, 2022
    • Modified: May. 09, 2025

  • 7.5

    HIGH
    CVE-2021-28831

    decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.... Read more

    Affected Products : fedora debian_linux busybox
    • EPSS Score: %0.88
    • Published: Mar. 19, 2021
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2021-26937

    encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.... Read more

    Affected Products : fedora debian_linux screen
    • EPSS Score: %2.98
    • Published: Feb. 09, 2021
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2020-8165

    A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.... Read more

    Affected Products : debian_linux leap rails
    • EPSS Score: %90.96
    • Published: Jun. 19, 2020
    • Modified: May. 09, 2025

  • 10.0

    HIGH
    CVE-2015-0240

    The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute ar... Read more

    • EPSS Score: %92.17
    • Published: Feb. 24, 2015
    • Modified: May. 09, 2025

  • 7.0

    HIGH
    CVE-2025-46327

    gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configura... Read more

    Affected Products : gosnowflake
    • Published: Apr. 28, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Race Condition

  • 7.0

    HIGH
    CVE-2025-46328

    snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads l... Read more

    Affected Products : snowflake_connector
    • Published: Apr. 28, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Race Condition

  • 3.3

    LOW
    CVE-2025-46329

    libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encry... Read more

    Affected Products : connector_for_c\/c\+\+
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-46330

    libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_... Read more

    Affected Products : connector_for_c\/c\+\+
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025

  • 6.9

    MEDIUM
    CVE-2025-46338

    Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicio... Read more

    Affected Products : audiobookshelf
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46343

    n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. Howe... Read more

    Affected Products : n8n
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-58099

    In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for n... Read more

    Affected Products : linux_kernel
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291804 Results