Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2011-0853

    Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bundle #15 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance.... Read more

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2011-0854

    Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance.... Read more

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2019-0628

    An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.... Read more

    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-0816

    Unspecified vulnerability in the CMDB Metadata & Instance APIs component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote au... Read more

    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2019-0814

    An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0848.... Read more

    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-7275

    The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fi... Read more

    Affected Products : imagemagick
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2019-1010204

    GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. ... Read more

    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12495

    The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.... Read more

    Affected Products : debian_linux discount
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2009-1021

    Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 5.5

    MEDIUM
    CVE-2020-15580

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020).... Read more

    Affected Products : android
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-2271

    VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.... Read more

    Affected Products : xen
    • Published: Feb. 19, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2020-15582

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020).... Read more

    Affected Products : android exynos_7885
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-8846

    The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.... Read more

    Affected Products : debian_linux long_range_zip lrzip
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2020-15578

    An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020).... Read more

    Affected Products : android
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-15570

    The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.... Read more

    Affected Products : whoopsie
    • Published: Jul. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-1270

    An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'.... Read more

    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-15594

    arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-13287

    In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacke... Read more

    Affected Products : xpdfreader xpdf
    • Published: Jul. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-0528

    Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.... Read more

    Affected Products : puppet
    • Published: Feb. 17, 2014
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2018-16062

    dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.... Read more

    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results