Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-28571

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.... Read more

    Affected Products : freeimage
    • Published: Mar. 20, 2024
    • Modified: Mar. 28, 2025

  • 5.5

    MEDIUM
    CVE-2012-3367

    Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke... Read more

    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2020-29610

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously c... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-28565

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format.... Read more

    Affected Products : freeimage
    • Published: Mar. 20, 2024
    • Modified: Mar. 28, 2025

  • 5.5

    MEDIUM
    CVE-2018-3639

    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a s... Read more

    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-6834

    Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.... Read more

    Affected Products : debian_linux audiofile
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-28345

    An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL.... Read more

    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2020-29379

    An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.... Read more

    • Published: Nov. 29, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-28144

    An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 5.5

    MEDIUM
    CVE-2017-9474

    In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.... Read more

    Affected Products : ytnef
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2018-6253

    NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service.... Read more

    • Published: Apr. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-9954

    The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex... Read more

    Affected Products : binutils
    • Published: Jun. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2014-1859

    (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : enterprise_linux fedora numpy
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-27884

    This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jul. 29, 2024
    • Modified: Mar. 13, 2025

  • 5.5

    MEDIUM
    CVE-2018-7454

    A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.... Read more

    Affected Products : xpdf
    • Published: Feb. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-27880

    An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file ma... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Sep. 17, 2024
    • Modified: Mar. 25, 2025

  • 5.5

    MEDIUM
    CVE-2018-7740

    The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system cal... Read more

    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-1000036

    In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.... Read more

    Affected Products : debian_linux mupdf
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-27875

    A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly.... Read more

    Affected Products : macos
    • Published: Sep. 17, 2024
    • Modified: Mar. 25, 2025

  • 5.5

    MEDIUM
    CVE-2014-1685

    The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.... Read more

    Affected Products : fedora zabbix
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293355 Results