Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-4910

    A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.... Read more

    Affected Products : 3scale_api_management
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-40550

    An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.... Read more

    Affected Products : enterprise_linux fedora shim libssh
    • Published: Jan. 29, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-3576

    A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an applic... Read more

    Affected Products : enterprise_linux fedora libtiff
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-54080

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to wri... Read more

    Affected Products : exiv2
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2020-17138

    Windows Error Reporting Information Disclosure Vulnerability... Read more

    • Published: Dec. 10, 2020
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2020-17098

    Windows GDI+ Information Disclosure Vulnerability... Read more

    • Published: Dec. 10, 2020
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2020-17094

    Windows Error Reporting Information Disclosure Vulnerability... Read more

    • Published: Dec. 10, 2020
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2025-53765

    Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-37925

    In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID:... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-42085

    In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system to enter suspend status wit... Read more

    Affected Products : linux_kernel
    • Published: Jul. 29, 2024
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2021-47498

    In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such a... Read more

    Affected Products : linux_kernel
    • Published: May. 22, 2024
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2021-47455

    In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptp_clock_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p3... Read more

    Affected Products : linux_kernel
    • Published: May. 22, 2024
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2021-47070

    In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path... Read more

    Affected Products : linux_kernel
    • Published: Mar. 01, 2024
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2024-54175

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions.... Read more

    Affected Products : mq
    • Published: Feb. 28, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-30039

    Windows Remote Access Connection Manager Information Disclosure Vulnerability... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 27, 2025

  • 5.5

    MEDIUM
    CVE-2025-20290

    A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS ... Read more

    Affected Products : nx-os unified_computing_system
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-57704

    Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability.... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity

  • 5.5

    MEDIUM
    CVE-2022-22414

    IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026.... Read more

    Affected Products : robotic_process_automation windows
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-49740

    In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2021-41639

    MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file.... Read more

    Affected Products : ftp_server
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293616 Results