Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2023-27538

    An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously us... Read more

    • Published: Mar. 30, 2023
    • Modified: Jun. 09, 2025

  • 5.9

    MEDIUM
    CVE-2023-27535

    An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they... Read more

    • Published: Mar. 30, 2023
    • Modified: Jun. 09, 2025

  • 6.5

    MEDIUM
    CVE-2022-42012

    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in... Read more

    Affected Products : fedora dbus
    • Published: Oct. 10, 2022
    • Modified: Jun. 09, 2025

  • 6.5

    MEDIUM
    CVE-2022-42011

    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inco... Read more

    Affected Products : fedora dbus
    • Published: Oct. 10, 2022
    • Modified: Jun. 09, 2025

  • 6.5

    MEDIUM
    CVE-2022-42010

    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type sig... Read more

    Affected Products : fedora dbus
    • Published: Oct. 10, 2022
    • Modified: Jun. 09, 2025

  • 7.1

    HIGH
    CVE-2022-29458

    ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.... Read more

    Affected Products : debian_linux macos ncurses
    • Published: Apr. 18, 2022
    • Modified: Jun. 09, 2025

  • 7.8

    HIGH
    CVE-2022-29072

    7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process... Read more

    Affected Products : windows 7-zip 7zip
    • Published: Apr. 15, 2022
    • Modified: Jun. 09, 2025

  • 6.5

    MEDIUM
    CVE-2022-1348

    A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created wit... Read more

    Affected Products : fedora logrotate
    • Published: May. 25, 2022
    • Modified: Jun. 09, 2025

  • 8.8

    HIGH
    CVE-2022-1271

    An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This... Read more

    Affected Products : debian_linux jboss_data_grid gzip xz
    • Published: Aug. 31, 2022
    • Modified: Jun. 09, 2025

  • 7.5

    HIGH
    CVE-2021-3998

    A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.... Read more

    • Published: Aug. 24, 2022
    • Modified: Jun. 09, 2025

  • 7.8

    HIGH
    CVE-2021-38185

    GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern... Read more

    Affected Products : cpio
    • Published: Aug. 08, 2021
    • Modified: Jun. 09, 2025

  • 2.5

    LOW
    CVE-2021-27645

    The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local sy... Read more

    Affected Products : fedora debian_linux glibc
    • Published: Feb. 24, 2021
    • Modified: Jun. 09, 2025

  • 9.1

    CRITICAL
    CVE-2021-22945

    When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.... Read more

    • Published: Sep. 23, 2021
    • Modified: Jun. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-22924

    libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved ... Read more

    • Published: Aug. 05, 2021
    • Modified: Jun. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-22890

    curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the... Read more

    • Published: Apr. 01, 2021
    • Modified: Jun. 09, 2025

  • 5.3

    MEDIUM
    CVE-2021-22876

    curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically popu... Read more

    • Published: Apr. 01, 2021
    • Modified: Jun. 09, 2025

  • 7.2

    HIGH
    CVE-2010-4226

    cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.... Read more

    Affected Products : opensuse cpio
    • Published: Feb. 06, 2014
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-5509

    A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the att... Read more

    Affected Products : shiyi-blog
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-5510

    A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can... Read more

    Affected Products : shiyi-blog
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-5520

    A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to ... Read more

    Affected Products : open5gs
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
Showing 20 of 293179 Results