Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.6

    MEDIUM
    CVE-2024-2321

    An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies ...

    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authorization
  • 5.6

    MEDIUM
    CVE-2017-5753

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis....

    • Published: Jan. 04, 2018
    • Modified: Jan. 14, 2025
  • 5.6

    MEDIUM
    CVE-2018-3665

    System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel....

    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2019-1125

    An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerabil...

    • Published: Sep. 03, 2019
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2025-47256

    Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file....

    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
  • 5.6

    MEDIUM
    CVE-2022-23960

    Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cach...

    • Published: Mar. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2024-24552

    A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing....

    Affected Products : bludit
    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2020-29012

    An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to ob...

    Affected Products : fortisandbox
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2014-1213

    Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, c...

    Affected Products : sophos_anti-virus scanning_engine
    • Published: Feb. 10, 2014
    • Modified: Apr. 11, 2025
  • 5.6

    MEDIUM
    CVE-2017-12547

    A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found....

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2013-1424

    Buffer overflow vulnerability in matplotlib. This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787....

    Affected Products : matplotlib
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption
  • 5.6

    MEDIUM
    CVE-2012-3345

    ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file....

    Affected Products : ioquake3_engine
    • Published: Jun. 15, 2012
    • Modified: Apr. 11, 2025
  • 5.6

    MEDIUM
    CVE-2025-30698

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle Gra...

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization
  • 5.6

    MEDIUM
    CVE-2012-1687

    Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM)....

    Affected Products : sunos solaris
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025
  • 5.6

    MEDIUM
    CVE-2011-3515

    Unspecified vulnerability in the Oracle Solaris 10 and 11 Express allows local users to affect integrity and availability via unknown vectors related to Process File System (procfs)....

    Affected Products : sunos solaris
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025
  • 5.6

    MEDIUM
    CVE-2024-12747

    A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at...

    Affected Products : enterprise_linux
    • Published: Jan. 14, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Race Condition
  • 5.6

    MEDIUM
    CVE-2010-4027

    Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors....

    Affected Products : palm_webos
    • Published: Oct. 28, 2010
    • Modified: Apr. 11, 2025
  • 5.6

    MEDIUM
    CVE-2010-2392

    Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect integrity and availability, related to ZFS....

    Affected Products : solaris opensolaris
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025
  • 5.6

    MEDIUM
    CVE-2020-14390

    A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ru...

    Affected Products : linux_kernel debian_linux
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2024-11616

    Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and t...

    • Published: Dec. 19, 2024
    • Modified: Jun. 09, 2025
Showing 20 of 294714 Results