Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2020-13497

    An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypa... Read more

    Affected Products : macos openusd
    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-0573

    Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : csi2_host_controller
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-20692

    In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418040; Is... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-12754

    AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the ... Read more

    Affected Products : anydesk
    • Published: Dec. 30, 2024
    • Modified: Aug. 14, 2025

  • 5.5

    MEDIUM
    CVE-2025-5468

    Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025)... Read more

    Affected Products : connect_secure policy_secure
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-54636

    Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2023-46407

    FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.... Read more

    Affected Products : ffmpeg
    • Published: Oct. 27, 2023
    • Modified: Aug. 11, 2025

  • 5.5

    MEDIUM
    CVE-2025-8738

    A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to information dis... Read more

    Affected Products : microservices-platform
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-2877

    Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, ... Read more

    Affected Products : vault
    • Published: Apr. 30, 2024
    • Modified: Aug. 08, 2025

  • 5.5

    MEDIUM
    CVE-2024-49351

    IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.... Read more

    • Published: Nov. 26, 2024
    • Modified: Aug. 08, 2025

  • 5.5

    MEDIUM
    CVE-2023-37359

    Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit th... Read more

    Affected Products : kofax_power_pdf power_pdf
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025

  • 5.5

    MEDIUM
    CVE-2023-37356

    Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit th... Read more

    Affected Products : kofax_power_pdf power_pdf
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-5512

    Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit th... Read more

    Affected Products : kofax_power_pdf power_pdf
    • Published: Nov. 22, 2024
    • Modified: Aug. 07, 2025

  • 5.5

    MEDIUM
    CVE-2025-8546

    A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the ... Read more

    Affected Products : pybbs
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2024-1978

    The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and ab... Read more

    Affected Products : friends
    • Published: Feb. 29, 2024
    • Modified: Aug. 01, 2025

  • 5.5

    MEDIUM
    CVE-2024-20324

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit... Read more

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 5.5

    MEDIUM
    CVE-2024-32926

    there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 22, 2025

  • 5.5

    MEDIUM
    CVE-2024-47015

    In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction ... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Jul. 24, 2025

  • 5.5

    MEDIUM
    CVE-2025-7233

    IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IrfanView CADImage Plugin. User interaction is re... Read more

    Affected Products : irfanview cadimage
    • Published: Jul. 21, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-48188

    libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.... Read more

    Affected Products : pspp
    • Published: May. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 294701 Results