Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2008-1785

    delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.... Read more

    Affected Products : top_100
    • Published: Apr. 15, 2008
    • Modified: Apr. 09, 2025

  • 5.5

    MEDIUM
    CVE-2023-6287

    Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.... Read more

    Affected Products : checkmk_appliance_firmware
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10654

    The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than ... Read more

    Affected Products : long_range_zip lrzip
    • Published: Mar. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-20374

    An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c.... Read more

    Affected Products : tinycc
    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-18650

    An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting ... Read more

    Affected Products : xpdf
    • Published: Oct. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12322

    There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.... Read more

    Affected Products : radare2
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-9761

    The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.... Read more

    Affected Products : radare2
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9520

    The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.... Read more

    Affected Products : radare2
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5851

    The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no... Read more

    Affected Products : mp3splt
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5666

    The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file.... Read more

    Affected Products : mp3splt
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-13666

    An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. Thi... Read more

    Affected Products : x265
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-8678

    The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support ... Read more

    Affected Products : imagemagick
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-7438

    The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.... Read more

    Affected Products : wolfssl
    • Published: Dec. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2015-8697

    stalin 0.11-5 allows local users to write to arbitrary files.... Read more

    Affected Products : stalin
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-6039

    A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 09, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-53099

    Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code w... Read more

    Affected Products : sentry
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-6017

    A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. Thi... Read more

    • Published: Jul. 02, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2019-1472

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474.... Read more

    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-1464

    An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.... Read more

    Affected Products : office office_365_proplus excel
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-7067

    A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approa... Read more

    Affected Products : hdf5
    • Published: Jul. 04, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292803 Results