Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-42715

    An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_imag... Read more

    Affected Products : fedora debian_linux stb_image.h
    • EPSS Score: %0.08
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-20241

    Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an o... Read more

    • EPSS Score: %0.03
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-15923

    An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-37996

    Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.... Read more

    Affected Products : debian_linux chrome edge_chromium
    • EPSS Score: %0.16
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-30172

    Microsoft Office Information Disclosure Vulnerability... Read more

    • EPSS Score: %4.62
    • Published: Jun. 15, 2022
    • Modified: Jan. 02, 2025

  • 5.5

    MEDIUM
    CVE-2017-2612

    In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.... Read more

    Affected Products : jenkins
    • EPSS Score: %0.09
    • Published: May. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2015-3243

    rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.... Read more

    Affected Products : rsyslog
    • EPSS Score: %0.07
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-15954

    bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.... Read more

    Affected Products : debian_linux bchunk
    • EPSS Score: %0.31
    • Published: Oct. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2020-13294

    In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.27
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-52449

    In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘glu... Read more

    Affected Products : linux_kernel
    • Published: Feb. 22, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-16293

    A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in... Read more

    Affected Products : ubuntu_linux debian_linux ghostscript
    • EPSS Score: %0.62
    • Published: Aug. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-18310

    An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by con... Read more

    • EPSS Score: %0.13
    • Published: Oct. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-2985

    A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.01
    • Published: Jun. 01, 2023
    • Modified: Mar. 11, 2025

  • 5.5

    MEDIUM
    CVE-2020-1419

    An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426.... Read more

    • EPSS Score: %0.84
    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-16013

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a... Read more

    • EPSS Score: %1.58
    • Published: Jan. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-1000200

    The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munloc... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-41105

    Microsoft Excel Information Disclosure Vulnerability... Read more

    • EPSS Score: %0.24
    • Published: Nov. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-2198

    QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw t... Read more

    Affected Products : debian_linux qemu
    • EPSS Score: %0.10
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2024-28902

    Windows Remote Access Connection Manager Information Disclosure Vulnerability... Read more

    • Published: Apr. 09, 2024
    • Modified: Jan. 08, 2025

  • 5.5

    MEDIUM
    CVE-2015-4857

    Unspecified vulnerability in the RDBMS component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • EPSS Score: %0.16
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291316 Results