Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2024-21981

    Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

    • Published: Aug. 13, 2024
    • Modified: Aug. 15, 2024
  • 5.7

    MEDIUM
    CVE-2022-2393

    A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the...

    • Published: Jul. 14, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2011-0695

    Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are st...

    • Published: Mar. 15, 2011
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2012-3062

    Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr881...

    Affected Products : ios
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025
  • 5.7

    MEDIUM
    CVE-2024-20840

    Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder on the lock screen.

    Affected Products : android voice_recorder
    • Published: Mar. 05, 2024
    • Modified: Feb. 14, 2025
  • 5.7

    MEDIUM
    CVE-2024-20692

    Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2015-0501

    Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025
  • 5.7

    MEDIUM
    CVE-2024-1695

    A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.

    • Published: May 06, 2024
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2013-6367

    The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.

    Affected Products : linux_kernel
    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2020-14617

    Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnera...

    Affected Products : primavera_unifier
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-21970

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise O...

    Affected Products : bi_publisher
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2011-3588

    The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-t...

    Affected Products : kexec-tools
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2011-2723

    The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (sy...

    Affected Products : linux_kernel
    • Published: Sep. 06, 2011
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2020-16144

    When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to per...

    Affected Products : files_antivirus
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2011-1576

    The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers ...

    • Published: Aug. 31, 2011
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2024-13870

    An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed fir...

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authorization
  • 5.7

    MEDIUM
    CVE-2020-15118

    In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags ...

    Affected Products : wagtail wagtail
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2010-4438

    Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).

    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025
  • 5.7

    MEDIUM
    CVE-2021-22194

    In all versions of GitLab, marshalled session keys were being stored in Redis.

    Affected Products : gitlab
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2011-0714

    Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a pack...

    Affected Products : linux_kernel enterprise_linux
    • Published: May 04, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 294836 Results