Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.6

    MEDIUM
    CVE-2020-7765

    This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program....

    Affected Products : firebase\/util
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2012-3440

    A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file....

    Affected Products : enterprise_linux sudo
    • Published: Aug. 08, 2012
    • Modified: Apr. 11, 2025
  • 5.6

    MEDIUM
    CVE-2012-3510

    Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats T...

    Affected Products : linux_kernel
    • Published: Oct. 03, 2012
    • Modified: Apr. 11, 2025
  • 5.6

    MEDIUM
    CVE-2024-35315

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. ...

    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025
  • 5.6

    MEDIUM
    CVE-2018-10472

    An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot....

    Affected Products : debian_linux xen
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2015-1985

    The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file....

    Affected Products : mq_appliance_m2000
    • Published: Jan. 03, 2016
    • Modified: Apr. 12, 2025
  • 5.6

    MEDIUM
    CVE-2018-3693

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis....

    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2015-0095

    The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of...

    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025
  • 5.6

    MEDIUM
    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2017-9330

    QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505....

    Affected Products : debian_linux qemu
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
  • 5.6

    MEDIUM
    CVE-2020-3432

    A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of di...

    • Published: Feb. 12, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Path Traversal
  • 5.6

    MEDIUM
    CVE-2024-2321

    An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies ...

    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authorization
  • 5.6

    MEDIUM
    CVE-2017-5753

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis....

    • Published: Jan. 04, 2018
    • Modified: Jan. 14, 2025
  • 5.6

    MEDIUM
    CVE-2018-3665

    System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel....

    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2019-1125

    An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerabil...

    • Published: Sep. 03, 2019
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2025-47256

    Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file....

    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
  • 5.6

    MEDIUM
    CVE-2022-23960

    Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cach...

    • Published: Mar. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2024-24552

    A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing....

    Affected Products : bludit
    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2020-29012

    An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to ob...

    Affected Products : fortisandbox
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2014-1213

    Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, c...

    Affected Products : sophos_anti-virus scanning_engine
    • Published: Feb. 10, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 294836 Results