Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-6228

    An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.... Read more

    Affected Products : enterprise_linux libtiff
    • Published: Dec. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-9405

    A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit h... Read more

    Affected Products : open5gs
    • Published: Aug. 25, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-5083

    The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more

    Affected Products : amministrazione_trasparente
    • Published: Aug. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-49178

    A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.... Read more

    • Published: Jun. 17, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-8775

    A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: ... Read more

    Affected Products :
    • Published: Sep. 14, 2024
    • Modified: Feb. 10, 2025

  • 5.5

    MEDIUM
    CVE-2025-0736

    A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unaut... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-4840

    An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.... Read more

    Affected Products : glance-store
    • Published: May. 14, 2024
    • Modified: Nov. 25, 2024

  • 5.5

    MEDIUM
    CVE-2023-43788

    A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.... Read more

    Affected Products : enterprise_linux fedora libxpm
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-0690

    An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue ma... Read more

    • Published: Feb. 06, 2024
    • Modified: Jan. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-0639

    A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Jan. 17, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-9675

    A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android applicat... Read more

    Affected Products : android voice_changer
    • Published: Aug. 29, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-54554

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2020-17126

    Microsoft Excel Information Disclosure Vulnerability... Read more

    • Published: Dec. 10, 2020
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2018-3181

    Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC ENOAD). The supported version that is affected is 8.0. Easily exploitable vulnerability allows low privileg... Read more

    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-30438

    This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notifica... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Mar. 31, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-2986

    IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc... Read more

    Affected Products : maximo_asset_management
    • Published: Apr. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-57996

    In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in k... Read more

    Affected Products : linux_kernel
    • Published: Feb. 27, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2022-2867

    libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in som... Read more

    Affected Products : fedora debian_linux libtiff
    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-47183

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 10, 2024
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2021-47076

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic op... Read more

    Affected Products : linux_kernel
    • Published: Mar. 01, 2024
    • Modified: Aug. 28, 2025
Showing 20 of 293634 Results