Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-11119

    The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file.... Read more

    Affected Products : nosefart
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-43082

    In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exp... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 5.5

    MEDIUM
    CVE-2021-37519

    Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.... Read more

    Affected Products : memcached
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 5.5

    MEDIUM
    CVE-2021-36003

    Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of th... Read more

    Affected Products : windows audition
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-11004

    A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430... Read more

    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-34532

    ASP.NET Core and Visual Studio Information Disclosure Vulnerability... Read more

    Affected Products : asp.net_core visual_studio_2019
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-37692

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection wit... Read more

    Affected Products : tensorflow
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-11002

    In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur.... Read more

    Affected Products : android
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2021-33120

    Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access.... Read more

    • Published: Feb. 09, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2021-32437

    The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.... Read more

    Affected Products : gpac
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-32132

    The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.... Read more

    Affected Products : gpac
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-42677

    An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component... Read more

    • Published: Aug. 15, 2024
    • Modified: Nov. 18, 2024

  • 5.5

    MEDIUM
    CVE-2021-30963

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.... Read more

    Affected Products : macos mac_os_x
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-10995

    The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.... Read more

    Affected Products : imagemagick
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2021-30687

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously cr... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-30658

    This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks.... Read more

    Affected Products : macos
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-10897

    Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors.... Read more

    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2021-29264

    An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving ... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28951

    An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to st... Read more

    • Published: Mar. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-28678

    An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.... Read more

    Affected Products : fedora pillow
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293304 Results