Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-7045

    An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.25
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2025-21666

    In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a transport... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21665

    In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infinite loop ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2017-6976

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to bypass intended access restrictions (for iCloud user records) via a crafted app.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.23
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-21644

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix tlb invalidation when wedging If GuC fails to load, the driver wedges, but in the process it tries to do stuff that may not be initialized yet. This moves the xe_gt_tlb_inva... Read more

    Affected Products : linux_kernel
    • Published: Jan. 19, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2017-6404

    An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.... Read more

    Affected Products : netbackup_appliance netbackup
    • EPSS Score: %0.05
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2025-21640

    In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different re... Read more

    Affected Products : linux_kernel
    • Published: Jan. 19, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2017-6270

    NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero an... Read more

    Affected Products : android windows gpu_driver
    • EPSS Score: %0.05
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2025-21637

    In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 19, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2017-6197

    The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.... Read more

    Affected Products : radare2
    • EPSS Score: %0.28
    • Published: Feb. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5994

    Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter.... Read more

    Affected Products : virglrenderer
    • EPSS Score: %0.07
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-5809

    A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.... Read more

    Affected Products : data_protector
    • EPSS Score: %0.66
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-2507

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass ... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • EPSS Score: %0.26
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-2489

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %1.65
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-2293

    Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these... Read more

    Affected Products : puppet_enterprise
    • EPSS Score: %0.22
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-18549

    An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.25
    • Published: Aug. 19, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-23457

    A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.... Read more

    Affected Products : fedora upx upx
    • EPSS Score: %0.02
    • Published: Jan. 12, 2023
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2017-18240

    The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root ... Read more

    Affected Products : collectd
    • EPSS Score: %0.04
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-18237

    An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash)... Read more

    Affected Products : exempi
    • EPSS Score: %0.40
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-18200

    The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291358 Results