Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.6

    MEDIUM
    CVE-2006-0755

    Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4... Read more

    Affected Products : dotproject
    • Published: Feb. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.6

    MEDIUM
    CVE-2025-48795

    Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of s... Read more

    Affected Products : cxf
    • Published: Jul. 15, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Denial of Service

  • 5.6

    MEDIUM
    CVE-2005-4784

    Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon... Read more

    Affected Products : posix
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.6

    MEDIUM
    CVE-2024-20309

    A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specif... Read more

    Affected Products : ios_xe
    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 5.6

    MEDIUM
    CVE-2023-39593

    Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.... Read more

    Affected Products : mariadb
    • Published: Oct. 17, 2024
    • Modified: Jul. 10, 2025

  • 5.6

    MEDIUM
    CVE-2018-3640

    Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System ... Read more

    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2020-14758

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes... Read more

    Affected Products : solaris solaris
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2023-26553

    mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.... Read more

    Affected Products : ntp
    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025

  • 5.6

    MEDIUM
    CVE-2017-12552

    A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2017-12551

    A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2017-12546

    A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2025-29592

    oasys v1.1 is vulnerable to Directory Traversal in ProcedureController.... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Path Traversal

  • 5.6

    MEDIUM
    CVE-2016-3176

    Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.... Read more

    Affected Products : salt
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.6

    MEDIUM
    CVE-2015-7020

    The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different ... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 23, 2015
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2018-19965

    An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an i... Read more

    Affected Products : debian_linux xen xenserver
    • Published: Dec. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2014-4364

    The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptogra... Read more

    Affected Products : iphone_os tvos
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.6

    MEDIUM
    CVE-2018-16868

    A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to ex... Read more

    Affected Products : gnutls
    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2010-5332

    In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating t... Read more

    Affected Products : linux_kernel
    • Published: Jul. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2018-12126

    Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impac... Read more

    • Published: May. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2018-12127

    Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted pr... Read more

    • Published: May. 30, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294733 Results