Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2016-2499

    AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted applicat... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2022-49925

    In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() KASAN reported a null-ptr-deref error: KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 1 PID: 379 H... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2016-2498

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.... Read more

    Affected Products : android nexus_7
    • EPSS Score: %0.07
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2459

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBu... Read more

    • EPSS Score: %0.07
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2024-44185

    The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    • Published: Oct. 24, 2024
    • Modified: Nov. 04, 2024

  • 5.5

    MEDIUM
    CVE-2016-2427

    The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via ... Read more

    • EPSS Score: %0.11
    • Published: Apr. 18, 2016
    • Modified: May. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2500

    Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2022-49615

    In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe function. But, the rt711->component doesn't be assigned y... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Mar. 11, 2025

  • 5.5

    MEDIUM
    CVE-2016-2457

    server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2426

    server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive informati... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-2383

    The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then lo... Read more

    Affected Products : linux_kernel ubuntu_linux leap
    • EPSS Score: %0.06
    • Published: Apr. 27, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2022-49439

    In the Linux kernel, the following vulnerability has been resolved: powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add mis... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2022-49126

    In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix memory leaks Fix memory leaks related to operational reply queue's memory segments which are not getting freed while unloading the driver.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2022-49104

    In the Linux kernel, the following vulnerability has been resolved: staging: vchiq_core: handle NULL result of find_service_by_handle In case of an invalid handle the function find_servive_by_handle returns NULL. So take care of this and avoid a NULL po... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2022-49008

    In the Linux kernel, the following vulnerability has been resolved: can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down In can327_feed_frame_to_netdev(), it did not free the skb when netdev is down, and all callers of ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 25, 2024

  • 5.5

    MEDIUM
    CVE-2022-48978

    In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hid_report_raw_event Syzbot reported shift-out-of-bounds in hid_report_raw_event. microsoft 0003:045E:07DA.0001: hid_field_extract() called with n... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 25, 2024

  • 5.5

    MEDIUM
    CVE-2022-48949

    In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 29, 2024

  • 5.5

    MEDIUM
    CVE-2022-48910

    In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6_mc_down() at most once There are two reasons for addrconf_notify() to be called with NETDEV_DOWN: either the network device is actually going down, or IPv... Read more

    Affected Products : linux_kernel
    • Published: Aug. 22, 2024
    • Modified: Nov. 08, 2024

  • 5.5

    MEDIUM
    CVE-2022-48836

    In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not f... Read more

    Affected Products : linux_kernel
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-48793

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL derefernce on nested migration Turns out that due to review feedback and/or rebases I accidentally moved the call to nested_svm_load_cr3 to be too ear... Read more

    Affected Products : linux_kernel
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292719 Results