Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.6

    MEDIUM
    CVE-2025-57571

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT.... Read more

    Affected Products : f3_firmware f3
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2024-43546

    Windows Cryptographic Information Disclosure Vulnerability... Read more

    • Published: Oct. 08, 2024
    • Modified: Oct. 17, 2024

  • 5.6

    MEDIUM
    CVE-2023-4155

    A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an atta... Read more

    Affected Products : linux_kernel enterprise_linux fedora
    • Published: Sep. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2019-1171

    An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an atta... Read more

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2022-26356

    Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call... Read more

    Affected Products : fedora debian_linux xen
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2012-3209

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM).... Read more

    Affected Products : sunos solaris
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 5.6

    MEDIUM
    CVE-2006-2448

    Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possi... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.6

    MEDIUM
    CVE-2006-0755

    Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4... Read more

    Affected Products : dotproject
    • Published: Feb. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.6

    MEDIUM
    CVE-2025-48795

    Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of s... Read more

    Affected Products : cxf
    • Published: Jul. 15, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Denial of Service

  • 5.6

    MEDIUM
    CVE-2005-4784

    Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon... Read more

    Affected Products : posix
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.6

    MEDIUM
    CVE-2024-20309

    A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specif... Read more

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 5.6

    MEDIUM
    CVE-2023-39593

    Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.... Read more

    Affected Products : mariadb
    • Published: Oct. 17, 2024
    • Modified: Jul. 10, 2025

  • 5.6

    MEDIUM
    CVE-2018-3640

    Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System ... Read more

    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2020-14758

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes... Read more

    Affected Products : solaris solaris
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-26553

    mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.... Read more

    Affected Products : ntp
    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025

  • 5.6

    MEDIUM
    CVE-2017-12552

    A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2017-12551

    A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2017-12546

    A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2025-29592

    oasys v1.1 is vulnerable to Directory Traversal in ProcedureController.... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Path Traversal

  • 5.6

    MEDIUM
    CVE-2016-3176

    Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.... Read more

    Affected Products : salt
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294717 Results