Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2019-17064

    Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor....

    Affected Products : xpdfreader
    • EPSS Score: %0.37
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2009-1388

    The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system c...

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Jul. 05, 2009
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2019-1402

    An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'....

    Affected Products : office office_365_proplus office_365
    • EPSS Score: %2.13
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2009-0892

    The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout....

    Affected Products : websphere_application_server
    • EPSS Score: %0.38
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2023-52722

    An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard....

    Affected Products : ghostscript
    • Published: Apr. 28, 2024
    • Modified: Jun. 23, 2025
  • 5.5

    MEDIUM
    CVE-2023-52706

    In the Linux kernel, the following vulnerability has been resolved: gpio: sim: fix a memory leak Fix an inverted logic bug in gpio_sim_remove_hogs() that leads to GPIO hog structures never being freed....

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Jan. 06, 2025
  • 5.5

    MEDIUM
    CVE-2023-52690

    In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check...

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-52678

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is not empty, if list is empty retu...

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2019-16572

    Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system....

    Affected Products : weibo
    • EPSS Score: %0.02
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2019-16552

    A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a f...

    Affected Products : gerrit_trigger
    • EPSS Score: %0.03
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-52674

    In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access o...

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Apr. 07, 2025
  • 5.5

    MEDIUM
    CVE-2019-16559

    A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...

    Affected Products : websphere_deployer
    • EPSS Score: %0.03
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2019-16349

    Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class....

    Affected Products : bento4
    • EPSS Score: %0.18
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2019-1400

    An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463....

    Affected Products : office office_365_proplus
    • EPSS Score: %1.65
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-52646

    In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm-...

    Affected Products : linux_kernel
    • Published: Apr. 26, 2024
    • Modified: Jan. 27, 2025
  • 5.5

    MEDIUM
    CVE-2019-16210

    Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save....

    Affected Products : brocade_sannav
    • EPSS Score: %0.03
    • Published: Nov. 08, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-52631

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The "size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow on a...

    Affected Products : linux_kernel
    • Published: Apr. 02, 2024
    • Modified: Apr. 08, 2025
  • 5.5

    MEDIUM
    CVE-2019-16167

    sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c....

    • EPSS Score: %0.18
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2007-5626

    make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing...

    Affected Products : bacula
    • EPSS Score: %0.03
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2019-16025

    A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient v...

    Affected Products : emergency_responder
    • EPSS Score: %0.16
    • Published: Sep. 23, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292425 Results