Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2019-8356

    An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.... Read more

    Affected Products : sound_exchange
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-8568

    A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of t... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-8413

    On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).... Read more

    Affected Products : mi_mix_2_firmware mi_mix_2
    • Published: Feb. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-8251

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful ex... Read more

    • Published: Jul. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2004-0342

    WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a n... Read more

    Affected Products : wftpd_pro_server
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2024-10034

    The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and ... Read more

    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 5.5

    MEDIUM
    CVE-2019-7664

    In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).... Read more

    • Published: Feb. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-7559

    In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr.... Read more

    Affected Products : btor2tools
    • Published: Feb. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-7560

    In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete.... Read more

    Affected Products : boolector
    • Published: Feb. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-7293

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-7150

    An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input ca... Read more

    • Published: Jan. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-7146

    In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.... Read more

    Affected Products : elfutils
    • Published: Jan. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-7147

    A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.... Read more

    Affected Products : netwide_assembler
    • Published: Jan. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-6974

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk locati... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2002-1975

    Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.... Read more

    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2002-1946

    Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the p... Read more

    Affected Products : integrated_dialer
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2002-1914

    dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.... Read more

    Affected Products : dump
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2019-6771

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma... Read more

    Affected Products : foxit_reader phantompdf reader windows
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-6766

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic... Read more

    Affected Products : foxit_reader phantompdf reader windows
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2002-1915

    tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.... Read more

    Affected Products : freebsd netbsd openbsd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 292815 Results