Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.6

    MEDIUM
    CVE-2016-8924

    IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's sessio... Read more

    Affected Products : maximo_asset_management
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.6

    MEDIUM
    CVE-2005-0109

    Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensi... Read more

    • Published: Mar. 05, 2005
    • Modified: Apr. 03, 2025

  • 5.6

    MEDIUM
    CVE-2016-5242

    The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding refere... Read more

    Affected Products : xen
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2016-4811

    The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors.... Read more

    Affected Products : japan_connected-free_wi-fi
    • Published: Jun. 19, 2016
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2022-32482

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. ... Read more

    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2019-3901

    A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task ... Read more

    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2019-2525

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2024-36894

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the U... Read more

    Affected Products : linux_kernel
    • Published: May. 30, 2024
    • Modified: Apr. 01, 2025

  • 5.6

    MEDIUM
    CVE-2017-9310

    QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outsid... Read more

    Affected Products : debian_linux qemu
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.6

    MEDIUM
    CVE-2015-7019

    The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different ... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 23, 2015
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2020-8911

    A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to... Read more

    Affected Products : aws_s3_crypto_sdk
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2020-7765

    This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.... Read more

    Affected Products : firebase\/util
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2012-3440

    A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.... Read more

    Affected Products : enterprise_linux sudo
    • Published: Aug. 08, 2012
    • Modified: Apr. 11, 2025

  • 5.6

    MEDIUM
    CVE-2012-3510

    Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats T... Read more

    Affected Products : linux_kernel
    • Published: Oct. 03, 2012
    • Modified: Apr. 11, 2025

  • 5.6

    MEDIUM
    CVE-2024-35315

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. ... Read more

    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 5.6

    MEDIUM
    CVE-2018-10472

    An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.... Read more

    Affected Products : debian_linux xen
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2015-1985

    The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file.... Read more

    Affected Products : mq_appliance_m2000
    • Published: Jan. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2018-3693

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.... Read more

    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2015-0095

    The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of... Read more

    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2023-32020

    Windows DNS Spoofing Vulnerability... Read more

    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294824 Results