Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2025-9398

    A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be in...

    Affected Products : yifang
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2021-3982

    Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase it...

    Affected Products : gnome-shell
    • EPSS Score: 0.03%
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2011-2519

    Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.

    • EPSS Score: 0.14%
    • Published: Dec. 27, 2013
    • Modified: Apr. 11, 2025
  • 5.5

    MEDIUM
    CVE-2010-2942

    The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive informa...

    • EPSS Score: 0.02%
    • Published: Sep. 21, 2010
    • Modified: Apr. 11, 2025
  • 5.5

    MEDIUM
    CVE-2009-2737

    The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbi...

    Affected Products : roundup roundup
    • EPSS Score: 1.06%
    • Published: Aug. 11, 2009
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2009-1388

    The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system c...

    Affected Products : linux_kernel
    • EPSS Score: 0.06%
    • Published: Jul. 05, 2009
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2009-0892

    The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.

    Affected Products : websphere_application_server
    • EPSS Score: 0.38%
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2008-4302

    fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of...

    • EPSS Score: 0.15%
    • Published: Sep. 29, 2008
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2008-3745

    The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.

    Affected Products : drupal upload_module
    • EPSS Score: 0.94%
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2021-1637

    Windows DNS Query Information Disclosure Vulnerability...

    • EPSS Score: 0.44%
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2007-5626

    make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing...

    Affected Products : bacula
    • EPSS Score: 0.03%
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2025-53156

    Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally.

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-49567

    Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in servi...

    Affected Products : macos windows illustrator
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2025-49524

    Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in servi...

    Affected Products : macos windows illustrator
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2025-48812

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-47135

    Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requir...

    Affected Products : macos windows dimension
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-47106

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this...

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-43587

    After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i...

    Affected Products : macos windows after_effects
    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-43578

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-33055

    Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292124 Results