Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-43750

    Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Explo... Read more

    Affected Products : windows premiere_rush
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-30671

    Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Ex... Read more

    Affected Products : macos windows indesign
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2012-4095

    The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521.... Read more

    Affected Products : unified_computing_system
    • Published: Oct. 02, 2013
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2021-45402

    The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer le... Read more

    Affected Products : linux_kernel
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46908

    In the Linux kernel, the following vulnerability has been resolved: bpf: Use correct permission flag for mixed signed bounds arithmetic We forbid adding unknown scalars with mixed signed bounds due to the spectre v1 masking mitigation. Hence this also n... Read more

    Affected Products : linux_kernel
    • Published: Feb. 27, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-40741

    Adobe Audition version 14.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-o... Read more

    Affected Products : macos windows audition
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-24442

    Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users wi... Read more

    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 5.5

    MEDIUM
    CVE-2012-4021

    MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors.... Read more

    Affected Products : kintai_kanri
    • Published: Nov. 08, 2012
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2017-0242

    An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."... Read more

    Affected Products : windows_7 windows_server_2008
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-21163

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access... Read more

    Affected Products : mysql mysql_server
    • Published: Jul. 16, 2024
    • Modified: Mar. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-21161

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 16, 2024
    • Modified: Mar. 26, 2025

  • 5.5

    MEDIUM
    CVE-2023-28298

    Windows Kernel Denial of Service Vulnerability... Read more

    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-38791

    In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.... Read more

    Affected Products : fedora mariadb
    • Published: Aug. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-46351

    A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA... Read more

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-48688

    In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during module removal The driver incorrectly frees client instance and subsequent i40e module removal leads to kernel crash. Reproducer: 1. Do ethtool offline te... Read more

    Affected Products : linux_kernel
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-22007

    The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.... Read more

    Affected Products : vcenter_server cloud_foundation
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-38253

    An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.... Read more

    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-48963

    In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_mux_init() When failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_mux is not released.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 24, 2024

  • 5.5

    MEDIUM
    CVE-2022-49887

    In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got by v4l2_device_register when vdec_probe fails or vdec_rem... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2012-3392

    mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscrib... Read more

    Affected Products : moodle
    • Published: Jul. 23, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293344 Results