Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-26532

    Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-26533

    An SQL injection risk was identified in the module list filter within course search.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2019-9923

    pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.... Read more

    Affected Products : leap tar
    • EPSS Score: %0.41
    • Published: Mar. 22, 2019
    • Modified: Aug. 06, 2025

  • 6.2

    MEDIUM
    CVE-2016-9401

    popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.... Read more

    • EPSS Score: %0.01
    • Published: Jan. 23, 2017
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2016-6321

    Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_... Read more

    Affected Products : tar
    • EPSS Score: %12.72
    • Published: Dec. 09, 2016
    • Modified: Aug. 06, 2025

  • 5.1

    MEDIUM
    CVE-2015-1865

    fts.c in coreutils 8.4 allows local users to delete arbitrary files.... Read more

    Affected Products : coreutils
    • EPSS Score: %0.08
    • Published: Sep. 20, 2017
    • Modified: Aug. 06, 2025

  • 7.8

    HIGH
    CVE-2023-27328

    Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-pr... Read more

    Affected Products : parallels_desktop
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2023-27327

    Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to ex... Read more

    Affected Products : parallels_desktop
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 7.8

    HIGH
    CVE-2023-27324

    Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execu... Read more

    Affected Products : parallels_desktop
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 7.8

    HIGH
    CVE-2023-27323

    Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to exe... Read more

    Affected Products : parallels_desktop
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 7.8

    HIGH
    CVE-2023-27322

    Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execu... Read more

    Affected Products : parallels_desktop
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 8.2

    HIGH
    CVE-2023-27326

    Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute ... Read more

    Affected Products : parallels_desktop
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 7.8

    HIGH
    CVE-2023-27325

    Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execu... Read more

    Affected Products : parallels_desktop
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 5.3

    MEDIUM
    CVE-2023-53161

    The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic.... Read more

    Affected Products : buffered-reader
    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2023-53160

    The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.... Read more

    Affected Products : sequoia-openpgp
    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-54571

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTT... Read more

    Affected Products : modsecurity
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-46659

    An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-8244

    The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2024-58261

    The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.... Read more

    Affected Products : sequoia-openpgp
    • Published: Jul. 27, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-28172

    Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to t... Read more

    Affected Products : ucm6510_firmware ucm6510
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication
Showing 20 of 292058 Results