Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2017-6415

    The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file....

    Affected Products : radare2
    • EPSS Score: 0.23%
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-6387

    The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file....

    Affected Products : radare2
    • EPSS Score: 0.23%
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-16805

    In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c....

    Affected Products : radare2
    • EPSS Score: 0.20%
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-0647

    An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Prod...

    Affected Products : android
    • EPSS Score: 0.11%
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2016-7151

    Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c....

    Affected Products : capstone
    • EPSS Score: 0.18%
    • Published: May. 15, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-5000

    The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....

    Affected Products : poi
    • EPSS Score: 0.30%
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2015-8234

    The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision....

    Affected Products : glance
    • EPSS Score: 0.25%
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2015-1208

    Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file....

    Affected Products : ffmpeg
    • EPSS Score: 0.33%
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-26707

    An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information....

    Affected Products : macos
    • EPSS Score: 0.12%
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 5.5

    MEDIUM
    CVE-2008-2544

    Mounting the /proc filesystem via the chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files he would never have otherwise....

    Affected Products : linux_kernel
    • EPSS Score: 0.04%
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2005-0406

    A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image....

    Affected Products : image_processing
    • EPSS Score: 0.12%
    • Published: Feb. 14, 2005
    • Modified: Apr. 03, 2025
  • 5.5

    MEDIUM
    CVE-2024-57952

    In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator (based on mtree_alloc_cyclic) stores the next offset value to return in octx->next_off...

    Affected Products : linux_kernel
    • Published: Feb. 12, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2025-21696

    In the Linux kernel, the following vulnerability has been resolved: mm: clear uffd-wp PTE/PMD state on mremap() When mremap()ing a memory region previously registered with userfaultfd as write-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsist...

    Affected Products : linux_kernel
    • Published: Feb. 12, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2025-21697

    In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device must be set to NULL. Failing to do so triggers a warning w...

    Affected Products : linux_kernel
    • Published: Feb. 12, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-57814

    request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are cor...

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Server-Side Request Forgery
  • 5.5

    MEDIUM
    CVE-2025-21699

    In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address ...

    Affected Products : linux_kernel
    • Published: Feb. 12, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-5935

    A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id l...

    Affected Products : open5gs
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2024-53566

    An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal....

    Affected Products : asterisk
    • Published: Dec. 02, 2024
    • Modified: Feb. 06, 2025
  • 5.5

    MEDIUM
    CVE-2025-26348

    A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute ...

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection
  • 5.5

    MEDIUM
    CVE-2025-26358

    A CWE-20 "Improper Input Validation" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests....

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292124 Results