Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-54490

    This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Dec. 19, 2024

  • 5.5

    MEDIUM
    CVE-2021-30705

    This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted ASTC file may ... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • EPSS Score: %0.26
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-30697

    A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak s... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • EPSS Score: %0.06
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-53901

    The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image.... Read more

    Affected Products : imager imager
    • Published: Nov. 24, 2024
    • Modified: Jun. 09, 2025

  • 5.5

    MEDIUM
    CVE-2024-53235

    In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE syzbot reported a null-ptr-deref in fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: Jan. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-53205

    In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe In rtk_usb2phy_probe() devm_kzalloc() may return NULL but this returned value is not checked.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: Apr. 18, 2025

  • 5.5

    MEDIUM
    CVE-2024-53204

    In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe In rtk_usb3phy_probe() devm_kzalloc() may return NULL but this returned value is not checked.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: Apr. 18, 2025

  • 5.5

    MEDIUM
    CVE-2024-52557

    In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get() This patch fixes a potential integer overflow in the zynqmp_dp_rate_get() The issue comes up when the expression drm_dp_bw_... Read more

    Affected Products : linux_kernel
    • Published: Feb. 27, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2022-20301

    In Content, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Produ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-50097

    In the Linux kernel, the following vulnerability has been resolved: net: fec: don't save PTP state if PTP is unsupported Some platforms (such as i.MX25 and i.MX27) do not support PTP, so on these platforms fec_ptp_init() is not called and the related me... Read more

    Affected Products : linux_kernel
    • Published: Nov. 05, 2024
    • Modified: Nov. 12, 2024

  • 5.5

    MEDIUM
    CVE-2024-49990

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Check GSC structure validity Sometimes xe_gsc is not initialized when checked at HDCP capability check. Add gsc structure check to avoid null pointer error.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 28, 2024

  • 5.5

    MEDIUM
    CVE-2024-47729

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use reserved copy engine for user binds on faulting devices User binds map to engines with can fault, faults depend on user binds completion, thus we can deadlock. Avoid this by... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Oct. 23, 2024

  • 5.5

    MEDIUM
    CVE-2021-29136

    Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.... Read more

    Affected Products : singularity umoci
    • EPSS Score: %0.15
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-47453

    Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue req... Read more

    Affected Products : macos windows illustrator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 5.5

    MEDIUM
    CVE-2024-47439

    Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of... Read more

    Affected Products : substance_3d_painter
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 5.5

    MEDIUM
    CVE-2024-47438

    Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could r... Read more

    Affected Products : substance_3d_painter
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 5.5

    MEDIUM
    CVE-2024-47437

    Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this... Read more

    Affected Products : substance_3d_painter
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 5.5

    MEDIUM
    CVE-2021-28657

    A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.... Read more

    • EPSS Score: %0.25
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-46856

    In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices The probe() function is only used for DP83822 and DP83826 PHY, leaving the private data pointer uninitialized for the ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Oct. 01, 2024

  • 5.5

    MEDIUM
    CVE-2021-28617

    Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of t... Read more

    Affected Products : windows animate
    • EPSS Score: %0.30
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291573 Results