Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-0030

    In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for explo... Read more

    Affected Products : android
    • Published: Feb. 16, 2024
    • Modified: Dec. 16, 2024

  • 5.5

    MEDIUM
    CVE-2008-2544

    Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.... Read more

    Affected Products : linux_kernel
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-0022

    In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional exe... Read more

    Affected Products : android
    • Published: May. 07, 2024
    • Modified: Mar. 27, 2025

  • 5.5

    MEDIUM
    CVE-2025-5141

    A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix ... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-9670

    A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the atta... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-55304

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetad... Read more

    Affected Products : exiv2
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-9650

    A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads t... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2006-0354

    Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of s... Read more

    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2024-0408

    A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resour... Read more

    • Published: Jan. 18, 2024
    • Modified: Aug. 29, 2025

  • 5.5

    MEDIUM
    CVE-2019-20334

    In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-201... Read more

    Affected Products : netwide_assembler nasm
    • Published: Jan. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-41633

    Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c.... Read more

    Affected Products : catdoc
    • Published: Sep. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27851

    A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance ... Read more

    Affected Products : guix
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-7192

    A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount over... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Jan. 02, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-10870

    Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service.... Read more

    Affected Products : zim
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-7537

    oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : ofono
    • Published: Aug. 06, 2024
    • Modified: Aug. 29, 2024

  • 5.5

    MEDIUM
    CVE-2024-3247

    In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow. ... Read more

    Affected Products : xpdf
    • Published: Apr. 02, 2024
    • Modified: Jan. 29, 2025

  • 5.5

    MEDIUM
    CVE-2024-28577

    Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.... Read more

    Affected Products : freeimage
    • Published: Mar. 20, 2024
    • Modified: Mar. 28, 2025

  • 5.5

    MEDIUM
    CVE-2022-20011

    In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not ne... Read more

    Affected Products : android
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0326

    NULL Pointer Dereference in Homebrew mruby prior to 3.2.... Read more

    Affected Products : mruby
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46053

    A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL.... Read more

    Affected Products : binaryen
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293289 Results