Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-45846

    Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products : macos power_gadget
    • Published: May. 16, 2024
    • Modified: Aug. 28, 2025

  • 5.5

    MEDIUM
    CVE-2023-50120

    MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.... Read more

    Affected Products : gpac
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2022-38233

    XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.... Read more

    Affected Products : xpdf
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-6560

    An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-6525

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes i... Read more

    • Published: Mar. 16, 2024
    • Modified: Jan. 08, 2025

  • 5.5

    MEDIUM
    CVE-2021-46050

    A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.... Read more

    Affected Products : binaryen
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-33463

    An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c.... Read more

    Affected Products : yasm
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-33461

    An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c.... Read more

    Affected Products : yasm
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-32275

    An issue was discovered in faust through v2.30.5. A NULL pointer dereference exists in the function CosPrim::computeSigOutput() located in cosprim.hh. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : faust
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-35919

    An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation.... Read more

    Affected Products : net2
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-20628

    An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.... Read more

    Affected Products : gpac
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-20166

    An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c.... Read more

    Affected Products : gpac
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-19308

    In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).... Read more

    Affected Products : gnome-font-viewer
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-16088

    Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.... Read more

    Affected Products : xpdfreader xpdf
    • Published: Sep. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-8808

    In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.... Read more

    Affected Products : radare2
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-1998

    In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interacti... Read more

    Affected Products : android
    • Published: Feb. 28, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-19763

    There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.... Read more

    Affected Products : libsixel
    • Published: Nov. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-14017

    The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_ja... Read more

    Affected Products : radare2
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11376

    The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.... Read more

    Affected Products : radare2
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-45673

    IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be... Read more

    • Published: Feb. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293302 Results