Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2018-5711

    gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a... Read more

    Affected Products : ubuntu_linux debian_linux php
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-2599

    Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).... Read more

    Affected Products : jenkins
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-6191

    The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.... Read more

    Affected Products : mujs
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-8101

    The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.... Read more

    Affected Products : xpdf
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-8445

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, ... Read more

    Affected Products : windows_10 windows_server
    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-15650

    Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are... Read more

    Affected Products : android firefox_esr
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-0855

    Unspecified vulnerability in the InForm component in Oracle Industry Applications 4.5, 4.6, and 5.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core.... Read more

    Affected Products : industry_applications
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2011-0861

    Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Update 2011-B and 9.1 Update 2011-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll Core.... Read more

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2011-0859

    Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax Update 11-B and 9.1 Tax Update 11-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll - North America.... Read more

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2011-0858

    Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bundle #15 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager.... Read more

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2011-0853

    Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bundle #15 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance.... Read more

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2011-0854

    Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance.... Read more

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2019-0628

    An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.... Read more

    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-0816

    Unspecified vulnerability in the CMDB Metadata & Instance APIs component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote au... Read more

    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2019-0814

    An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0848.... Read more

    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-7275

    The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fi... Read more

    Affected Products : imagemagick
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2019-1010204

    GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. ... Read more

    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12495

    The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.... Read more

    Affected Products : debian_linux discount
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2009-1021

    Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 5.5

    MEDIUM
    CVE-2020-15580

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020).... Read more

    Affected Products : android
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292824 Results