Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2020-8448

    In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user.... Read more

    Affected Products : ossec
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-47437

    Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this... Read more

    Affected Products : substance_3d_painter
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 5.5

    MEDIUM
    CVE-2024-47439

    Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of... Read more

    Affected Products : substance_3d_painter
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 5.5

    MEDIUM
    CVE-2017-5082

    Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page.... Read more

    Affected Products : android chrome
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-47419

    Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue... Read more

    Affected Products : macos windows animate
    • Published: Oct. 09, 2024
    • Modified: Oct. 10, 2024

  • 5.5

    MEDIUM
    CVE-2024-47435

    Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this... Read more

    Affected Products : substance_3d_painter
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 5.5

    MEDIUM
    CVE-2024-47456

    Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue req... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2017-5025

    FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.... Read more

    Affected Products : chrome
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2020-36781

    In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix reference leak when pm_runtime_get_sync fails In i2c_imx_xfer() and i2c_imx_remove(), the pm reference count is not expected to be incremented on return. However, pm_runt... Read more

    Affected Products : linux_kernel
    • Published: Feb. 28, 2024
    • Modified: Dec. 06, 2024

  • 5.5

    MEDIUM
    CVE-2017-4900

    VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.... Read more

    Affected Products : workstation_pro workstation_player
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-4945

    VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945.... Read more

    Affected Products : workstation mac_os_x fusion
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-47149

    Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.... Read more

    Affected Products : magic_os magicos
    • Published: Dec. 26, 2024
    • Modified: Jun. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-49943

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: add missing locking in wedged_fini Any non-wedged queue can have a zero refcount here and can be running concurrently with an async queue destroy, therefore dereferen... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 01, 2024

  • 5.5

    MEDIUM
    CVE-2024-47143

    In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API... Read more

    Affected Products : linux_kernel
    • Published: Jan. 11, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2024-47102

    IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service.... Read more

    Affected Products : aix vios
    • Published: Dec. 25, 2024
    • Modified: Jul. 25, 2025

  • 5.5

    MEDIUM
    CVE-2024-49857

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: set the cipher for secured NDP ranging The cipher pointer is not set, but is derefereced trying to set its content, which leads to a NULL pointer dereference. Fix it... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 22, 2024

  • 5.5

    MEDIUM
    CVE-2020-27760

    In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses... Read more

    Affected Products : debian_linux imagemagick
    • Published: Dec. 03, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-2729

    Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network acces... Read more

    Affected Products : identity_manager
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-27123

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulne... Read more

    Affected Products : anyconnect_secure_mobility_client
    • Published: Nov. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-47019

    In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not n... Read more

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024
Showing 20 of 292803 Results