Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-21904

    In the Linux kernel, the following vulnerability has been resolved: caif_virtio: fix wrong pointer check in cfv_probe() del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked for NULL before calling it, not cfv->vdev. Also the curren... Read more

    Affected Products : linux_kernel
    • Published: Apr. 01, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21901

    In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add sanity checks on rdev validity There is a possibility that ulp_irq_stop and ulp_irq_start callbacks will be called when the device is in detached state. This can cause... Read more

    Affected Products : linux_kernel
    • Published: Apr. 01, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2018-11254

    An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related... Read more

    Affected Products : podofo
    • EPSS Score: %0.37
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-5226

    P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier... Read more

    • EPSS Score: %0.06
    • Published: Nov. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10074

    The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-1000037

    In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.... Read more

    Affected Products : debian_linux mupdf
    • EPSS Score: %0.30
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-21864

    In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6_tunnel_net_exit while running tests that boil down to: - create a pair of netns -... Read more

    Affected Products : linux_kernel
    • Published: Mar. 12, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21854

    In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressed in vsock_proto::psock_update_sk_prot(). However,... Read more

    Affected Products : linux_kernel
    • Published: Mar. 12, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-21853

    In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The w... Read more

    Affected Products : linux_kernel
    • Published: Mar. 12, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-21849

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Use spin_lock_irqsave() in interruptible context spin_lock/unlock() functions used in interrupt contexts could result in a deadlock, as seen in GitLab issue #13399, which o... Read more

    Affected Products : linux_kernel
    • Published: Mar. 12, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-21814

    In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL derefer... Read more

    Affected Products : linux_kernel
    • Published: Feb. 27, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2018-0761

    The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosu... Read more

    Affected Products : windows_7 windows_server_2008
    • EPSS Score: %6.28
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-0755

    The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosu... Read more

    Affected Products : windows_7 windows_server_2008
    • EPSS Score: %6.28
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-0750

    The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".... Read more

    Affected Products : windows_7 windows_server_2008
    • EPSS Score: %1.04
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-21775

    In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If skb allocation fails, the pointer to struct can_frame is NULL. This is actually handled everywhere inside ctucan_err_interrupt() except f... Read more

    Affected Products : linux_kernel
    • Published: Feb. 27, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2018-0123

    A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should ... Read more

    Affected Products : ios_xe ios
    • EPSS Score: %0.08
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-9870

    The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the... Read more

    Affected Products : lame
    • EPSS Score: %0.40
    • Published: Jun. 25, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9869

    The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.... Read more

    Affected Products : lame
    • EPSS Score: %0.81
    • Published: Jun. 25, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9472

    In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.... Read more

    Affected Products : ytnef
    • EPSS Score: %0.20
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9412

    The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.... Read more

    Affected Products : lame
    • EPSS Score: %2.48
    • Published: Jul. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291295 Results