Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2018-19665

    The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.... Read more

    Affected Products : leap qemu
    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-23492

    A weak encoding is used to transmit credentials for WS203VICM. ... Read more

    Affected Products :
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2020-27825

    A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw co... Read more

    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2024-22037

    The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users.... Read more

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024

  • 5.7

    MEDIUM
    CVE-2024-21981

    Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 15, 2024

  • 5.7

    MEDIUM
    CVE-2022-2393

    A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the... Read more

    • Published: Jul. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2011-0695

    Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are st... Read more

    • Published: Mar. 15, 2011
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2012-3062

    Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr881... Read more

    Affected Products : ios
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2024-20840

    Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder on the lock screen.... Read more

    Affected Products : android voice_recorder
    • Published: Mar. 05, 2024
    • Modified: Feb. 14, 2025

  • 5.7

    MEDIUM
    CVE-2024-20692

    Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability... Read more

    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2015-0501

    Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.... Read more

    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 5.7

    MEDIUM
    CVE-2024-1695

    A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.... Read more

    Affected Products :
    • Published: May. 06, 2024
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2013-6367

    The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2020-14617

    Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnera... Read more

    Affected Products : primavera_unifier
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2023-21970

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise O... Read more

    Affected Products : bi_publisher
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2011-3588

    The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-t... Read more

    Affected Products : kexec-tools
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2011-2723

    The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (sy... Read more

    Affected Products : linux_kernel
    • Published: Sep. 06, 2011
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2020-16144

    When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to per... Read more

    Affected Products : files_antivirus
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2011-1576

    The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers ... Read more

    • Published: Aug. 31, 2011
    • Modified: Apr. 11, 2025

  • 5.7

    MEDIUM
    CVE-2024-13870

    An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed fir... Read more

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authorization
Showing 20 of 294742 Results