Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2025-20643

    In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interactio...

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 +34 more products
    • Published: Feb. 03, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Information Disclosure
  • 5.7

    MEDIUM
    CVE-2025-30737

    Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). The supported version that is affected is 24.200. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP ...

    Affected Products : smart_view_for_office
    • Published: Apr. 15, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication
  • 5.7

    MEDIUM
    CVE-2025-46710

    Possible kernel exceptions caused by reading and writing kernel heap data after free.

    Affected Products : ddk
    • Published: Jun. 16, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
  • 5.7

    MEDIUM
    CVE-2025-32875

    An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted...

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cryptography
  • 5.7

    MEDIUM
    CVE-2016-5537

    Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not ...

    Affected Products : netbeans
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025
  • 5.7

    MEDIUM
    CVE-2011-3593

    A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames.

    Affected Products : linux_kernel enterprise_linux
    • Published: Jun. 08, 2013
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2011-1478

    The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NU...

    Affected Products : linux_kernel
    • Published: Oct. 23, 2011
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2025-49722

    Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

    • Published: Jul. 08, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service
  • 5.7

    MEDIUM
    CVE-2024-31443

    Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_t...

    Affected Products : fedora cacti
    • Published: May. 14, 2024
    • Modified: Dec. 18, 2024
  • 5.7

    MEDIUM
    CVE-2020-12866

    A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.

    Affected Products : ubuntu_linux leap sane_backends
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-51594

    BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerabili...

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 5.7

    MEDIUM
    CVE-2023-51592

    BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction...

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 5.7

    MEDIUM
    CVE-2019-12449

    An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are ...

    Affected Products : ubuntu_linux fedora leap gvfs
    • Published: May. 29, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-27272

    SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, phy...

    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2012-3570

    Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.

    Affected Products : dhcp
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2019-0950

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-...

    • Published: May. 16, 2019
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-21693

    Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability...

    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2025-31197

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected ...

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service
  • 5.7

    MEDIUM
    CVE-2025-53138

    Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

    • Published: Aug. 12, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Information Disclosure
  • 5.7

    MEDIUM
    CVE-2025-50156

    Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 294755 Results