Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2019-10949

    Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted proj... Read more

    Affected Products : cncsoft_screeneditor
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-24754

    libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.... Read more

    Affected Products : debian_linux libde265
    • Published: Mar. 01, 2023
    • Modified: Mar. 07, 2025

  • 5.5

    MEDIUM
    CVE-2019-10616

    Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industri... Read more

    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-50374

    Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance.This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10. ... Read more

    Affected Products :
    • Published: Mar. 28, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10618

    Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390... Read more

    Affected Products : qca6390_firmware qca6390
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-28928

    In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).... Read more

    Affected Products : fedora debian_linux musl graalvm
    • Published: Nov. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10649

    In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.... Read more

    Affected Products : ubuntu_linux debian_linux imagemagick
    • Published: Mar. 30, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-3242

    plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a d... Read more

    Affected Products : joomla\!
    • Published: May. 03, 2013
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2019-10535

    Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating through loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapd... Read more

    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10430

    Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.... Read more

    Affected Products : neuvector_vulnerability_scanner
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10420

    Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.... Read more

    Affected Products : assembla
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10398

    Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.... Read more

    Affected Products : beaker_builder
    • Published: Sep. 12, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10364

    Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.... Read more

    Affected Products : amazon_ec2 ec2
    • Published: Jul. 31, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10424

    Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.... Read more

    Affected Products : eloyente
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10367

    Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.... Read more

    Affected Products : configuration_as_code
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-23534

    The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memory.... Read more

    Affected Products : macos
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 5.5

    MEDIUM
    CVE-2013-0375

    Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.... Read more

    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2019-10024

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.... Read more

    Affected Products : xpdf
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10108

    An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.... Read more

    Affected Products : gitlab
    • Published: May. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-1020014

    docker-credential-helpers before 0.6.3 has a double free in the List functions.... Read more

    Affected Products : ubuntu_linux fedora credential_helpers
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292770 Results