Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2020-22673

    Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.... Read more

    Affected Products : gpac
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-6567

    A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPL... Read more

    • Published: Jun. 12, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-1938

    python-rply before 0.7.4 insecurely creates temporary files.... Read more

    Affected Products : rply
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-2760

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-22430

    Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service. ... Read more

    Affected Products : powerscale_onefs
    • Published: Feb. 01, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-22380

    Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). B... Read more

    Affected Products : electronic_delivery_check_system
    • Published: Jan. 24, 2024
    • Modified: Jun. 05, 2025

  • 5.5

    MEDIUM
    CVE-2012-5603

    proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consum... Read more

    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2015-8727

    The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-a... Read more

    Affected Products : wireshark
    • Published: Jan. 04, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2012-5644

    libuser has information disclosure when moving user's home directory... Read more

    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-22336

    IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Feb. 17, 2024
    • Modified: Dec. 04, 2024

  • 5.5

    MEDIUM
    CVE-2024-22318

    IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is e... Read more

    Affected Products : i_access_client_solutions
    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-0543

    Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2012-5527

    Claws Mail vCalendar plugin: credentials exposed on interface... Read more

    Affected Products : vcalendar
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-0794

    A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2012-5523

    core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permissio... Read more

    Affected Products : mantisbt
    • Published: Nov. 16, 2012
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2020-3889

    A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files.... Read more

    Affected Products : macos mac_os_x
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-5718

    In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.... Read more

    Affected Products : debian_linux wireshark
    • Published: Jan. 08, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-1160

    An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.... Read more

    • Published: Jun. 09, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-22236

    In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the sh... Read more

    Affected Products : spring_cloud_contract
    • Published: Jan. 31, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2024-22104

    Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).... Read more

    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293186 Results