Latest CVE Feed

CVE-2018-2691 (5.5 MEDIUM)
Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Proxy User Delegation). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows low...
- Affected Products: user_management
- EPSS Score: 0.20%
- Published: Jan. 18, 2018
- Modified: Nov. 21, 2024

CVE-2025-22070 (5.5 MEDIUM)
In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories, e.g.: setfacl -m defaul...
- Affected Products: linux_kernel
- Published: Apr. 16, 2025
- Modified: May. 06, 2025
- Vuln Type: Memory Corruption

CVE-2025-22063 (5.5 MEDIUM)
In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 s...
- Affected Products: linux_kernel
- Published: Apr. 16, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Misconfiguration

CVE-2018-20510 (5.5 MEDIUM)
The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file....
- Affected Products: linux_kernel
- EPSS Score: 0.06%
- Published: Apr. 30, 2019
- Modified: Nov. 21, 2024

CVE-2018-20460 (5.5 MEDIUM)
In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file....
- Affected Products: radare2
- EPSS Score: 0.19%
- Published: Dec. 25, 2018
- Modified: Nov. 21, 2024

CVE-2025-22037 (5.5 MEDIUM)
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The client sends a malformed smb2 negotiate request. ksmbd returns an error response. Subsequently, the client can send smb2 session...
- Affected Products: linux_kernel
- Published: Apr. 16, 2025
- Modified: Aug. 09, 2025
- Vuln Type: Denial of Service

CVE-2018-19976 (5.5 MEDIUM)
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine....
- Affected Products: yara
- EPSS Score: 0.27%
- Published: Dec. 17, 2018
- Modified: Nov. 21, 2024

CVE-2018-19974 (5.5 MEDIUM)
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack)....
- Affected Products: yara
- EPSS Score: 0.27%
- Published: Dec. 17, 2018
- Modified: Nov. 21, 2024

CVE-2018-19777 (5.5 MEDIUM)
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool....
- EPSS Score: 0.28%
- Published: Nov. 30, 2018
- Modified: Nov. 21, 2024

CVE-2018-1957 (5.5 MEDIUM)
IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X-Forc...
- Affected Products: websphere_application_server
- EPSS Score: 0.07%
- Published: Dec. 10, 2018
- Modified: Nov. 21, 2024

CVE-2025-22011 (5.5 MEDIUM)
In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-domain resume: root@raspberrypi:/sys/power# echo freeze ...
- Affected Products: linux_kernel
- Published: Apr. 08, 2025
- Modified: Apr. 10, 2025

CVE-2018-18459 (5.5 MEDIUM)
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm....
- Affected Products: xpdf
- EPSS Score: 0.22%
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024

CVE-2018-18457 (5.5 MEDIUM)
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm....
- Affected Products: xpdf
- EPSS Score: 0.22%
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024

CVE-2018-18456 (5.5 MEDIUM)
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm....
- Affected Products: xpdf
- EPSS Score: 0.53%
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024

CVE-2018-17154 (5.5 MEDIUM)
In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a d...
- Affected Products: freebsd
- EPSS Score: 0.04%
- Published: Sep. 28, 2018
- Modified: Nov. 21, 2024

CVE-2025-21990 (5.5 MEDIUM)
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.resource will be NULL. Check for that before dereferencing....
- Affected Products: linux_kernel
- Published: Apr. 02, 2025
- Modified: Apr. 10, 2025
- Vuln Type: Memory Corruption

CVE-2025-21980 (5.5 MEDIUM)
In the Linux kernel, the following vulnerability has been resolved: sched: address a potential NULL pointer dereference in the GRED scheduler. If kzalloc in gred_init returns a NULL pointer, the code follows the error handling path, invoking gred_destro...
- Affected Products: linux_kernel
- Published: Apr. 01, 2025
- Modified: Apr. 10, 2025
- Vuln Type: Memory Corruption

CVE-2018-16369 (5.5 MEDIUM)
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453....
- Affected Products: xpdf
- EPSS Score: 0.77%
- Published: Sep. 03, 2018
- Modified: Nov. 21, 2024

CVE-2022-48849 (5.5 MEDIUM)
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bypass tiling flag check in virtual display case (v2) vkms leverages common amdgpu framebuffer creation, and also as it does not support FB modifier, there is no need to che...
- Affected Products: linux_kernel
- Published: Jul. 16, 2024
- Modified: Jun. 19, 2025

CVE-2018-16368 (5.5 MEDIUM)
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm....
- Affected Products: xpdf
- EPSS Score: 0.40%
- Published: Sep. 03, 2018
- Modified: Nov. 21, 2024