Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2016-7619

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, which allows local users to write to arbitrary files via vec... Read more

    Affected Products : mac_os_x iphone_os watchos
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-7562

    The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.... Read more

    Affected Products : ffmpeg
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-7440

    The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.... Read more

    Affected Products : debian_linux mysql mariadb wolfssl
    • Published: Dec. 13, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2019-13133

    ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.... Read more

    Affected Products : leap imagemagick
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-6906

    The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.... Read more

    Affected Products : libgd
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-2664

     In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. ... Read more

    Affected Products : xpdf
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-5309

    The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5;... Read more

    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2019-13032

    An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not S... Read more

    Affected Products : flightcrew
    • Published: Jun. 28, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-13014

    Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgr... Read more

    Affected Products : little_snitch
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-12984

    A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-4797

    Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2... Read more

    Affected Products : fedora openjpeg
    • Published: Feb. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2019-12972

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of typ... Read more

    Affected Products : ubuntu_linux leap binutils
    • Published: Jun. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-26382

    Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue ... Read more

    Affected Products : macos windows dimension
    • Published: Apr. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-12913

    Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.... Read more

    Affected Products : shift
    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-26356

    Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue... Read more

    Affected Products : dimension
    • Published: Mar. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-12864

    SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/qu... Read more

    • Published: May. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-52780

    In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm is... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Feb. 03, 2025

  • 5.5

    MEDIUM
    CVE-2023-52773

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() When ddc_service_construct() is called, it explicitly checks both the link type and whether there is something on... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-26355

    Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue... Read more

    Affected Products : dimension
    • Published: Mar. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-1802

    CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293343 Results