Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.6

    MEDIUM
    CVE-2025-22241

    File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses unvalidated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “au...

    Affected Products : salt
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal
  • 5.6

    MEDIUM
    CVE-2025-22242

    Worker process denial of service through file read operation. A vulnerability exists in the Master's “pub_ret” method, which is exposed to all minions. The unsanitized input value “jid” is used to construct a path which is then opened for reading. An att...

    Affected Products : salt
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service
  • 5.6

    MEDIUM
    CVE-2025-21100

    Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access.

    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure
  • 5.6

    MEDIUM
    CVE-2023-1998

    The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel...

    Affected Products : linux_kernel debian_linux
    • Published: Apr. 21, 2023
    • Modified: Feb. 13, 2025
  • 5.6

    MEDIUM
    CVE-2022-3231

    Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.

    Affected Products : librenms
    • Published: Sep. 17, 2022
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2022-39397

    aliyun-oss-client is a Rust client for Alibaba Cloud OSS. Users of this library are affected: the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.

    Affected Products : aliyun-oss-client
    • Published: Nov. 22, 2022
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2022-22713

    Windows Hyper-V Denial of Service Vulnerability

    • Published: May. 10, 2022
    • Modified: Jan. 02, 2025
  • 5.6

    MEDIUM
    CVE-2022-21239

    Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.

    Affected Products : quickassist_technology
    • Published: May. 10, 2023
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2022-1172

    Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.

    Affected Products : gpac
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2025-7396

    In wolfSSL release 5.8.2, blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available, with ARM assembly builds, Intel assem...

    Affected Products : wolfssl
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
  • 5.6

    MEDIUM
    CVE-2024-35195

    Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verificati...

    • Published: May. 20, 2024
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2023-3301

    A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause ...

    Affected Products : enterprise_linux qemu
    • Published: Sep. 13, 2023
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2023-26554

    mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

    Affected Products : ntp
    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025
  • 5.6

    MEDIUM
    CVE-2023-26552

    mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

    Affected Products : ntp
    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025
  • 5.6

    MEDIUM
    CVE-2018-12130

    Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacte...

    • Published: May. 30, 2019
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2021-26401

    LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.

    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2018-0888

    The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1...

    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2024-36357

    A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.

    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
  • 5.6

    MEDIUM
    CVE-2024-36350

    A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.

    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 294723 Results