Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-8564

    Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when... Read more

    • EPSS Score: %22.93
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-8493

    Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sens... Read more

    • EPSS Score: %0.53
    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-8314

    Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.... Read more

    Affected Products : debian_linux kodi
    • EPSS Score: %6.92
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-8313

    Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.... Read more

    Affected Products : vlc_media_player
    • EPSS Score: %0.32
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2011-2901

    Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.... Read more

    Affected Products : xen
    • EPSS Score: %0.12
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2017-8310

    Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles fil... Read more

    Affected Products : vlc_media_player
    • EPSS Score: %0.35
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-0593

    A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which i... Read more

    Affected Products : yaffshiv
    • EPSS Score: %0.08
    • Published: Jan. 31, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2010-4247

    The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU co... Read more

    Affected Products : linux_kernel xen
    • EPSS Score: %0.62
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2023-28190

    A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • EPSS Score: %0.07
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 5.5

    MEDIUM
    CVE-2010-3706

    plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL e... Read more

    Affected Products : dovecot
    • EPSS Score: %0.40
    • Published: Oct. 06, 2010
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2017-7767

    The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system acce... Read more

    Affected Products : firefox firefox_esr windows
    • EPSS Score: %0.09
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2010-3078

    The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioct... Read more

    • EPSS Score: %0.05
    • Published: Sep. 21, 2010
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2017-7761

    The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction c... Read more

    Affected Products : firefox firefox_esr windows
    • EPSS Score: %0.06
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2010-2538

    Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.... Read more

    • EPSS Score: %0.08
    • Published: Sep. 30, 2010
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2010-2066

    The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.... Read more

    • EPSS Score: %0.06
    • Published: Sep. 08, 2010
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2017-7418

    ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. A... Read more

    Affected Products : proftpd
    • EPSS Score: %0.06
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7382

    The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.... Read more

    Affected Products : podofo
    • EPSS Score: %0.41
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7380

    The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.... Read more

    Affected Products : podofo
    • EPSS Score: %0.24
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7378

    The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.... Read more

    Affected Products : podofo
    • EPSS Score: %0.24
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2009-3630

    The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame... Read more

    Affected Products : typo3
    • EPSS Score: %0.95
    • Published: Nov. 02, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 291558 Results