Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.6

    MEDIUM
    CVE-2015-7019

    The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different ... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 23, 2015
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2020-8911

    A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to... Read more

    Affected Products : aws_s3_crypto_sdk
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2020-7765

    This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.... Read more

    Affected Products : firebase\/util
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2012-3440

    A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.... Read more

    Affected Products : enterprise_linux sudo
    • Published: Aug. 08, 2012
    • Modified: Apr. 11, 2025

  • 5.6

    MEDIUM
    CVE-2012-3510

    Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats T... Read more

    Affected Products : linux_kernel
    • Published: Oct. 03, 2012
    • Modified: Apr. 11, 2025

  • 5.6

    MEDIUM
    CVE-2024-35315

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. ... Read more

    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 5.6

    MEDIUM
    CVE-2018-10472

    An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.... Read more

    Affected Products : debian_linux xen
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2015-1985

    The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file.... Read more

    Affected Products : mq_appliance_m2000
    • Published: Jan. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2018-3693

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.... Read more

    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2015-0095

    The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of... Read more

    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2023-32020

    Windows DNS Spoofing Vulnerability... Read more

    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2017-9330

    QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.... Read more

    Affected Products : debian_linux qemu
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.6

    MEDIUM
    CVE-2020-3432

    A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of di... Read more

    • Published: Feb. 12, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Path Traversal

  • 5.6

    MEDIUM
    CVE-2024-2321

    An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies ... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authorization

  • 5.6

    MEDIUM
    CVE-2017-5753

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.... Read more

    • Published: Jan. 04, 2018
    • Modified: Jan. 14, 2025

  • 5.6

    MEDIUM
    CVE-2018-3665

    System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.... Read more

    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2019-1125

    An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerabil... Read more

    • Published: Sep. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2025-47256

    Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file.... Read more

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2022-23960

    Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cach... Read more

    • Published: Mar. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2024-24552

    A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.... Read more

    Affected Products : bludit
    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294733 Results