Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-37174

    GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.... Read more

    Affected Products : gpac
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-42282

    In the Linux kernel, the following vulnerability has been resolved: net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Move the freeing of the dummy net_device from mtk_free_dev() to mtk_remove(). Previously, if alloc_ne... Read more

    Affected Products : linux_kernel
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 5.5

    MEDIUM
    CVE-2023-37141

    ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().... Read more

    Affected Products : chakracore
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-39477

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: do not call vma_add_reservation upon ENOMEM sysbot reported a splat [1] on __unmap_hugepage_range(). This is because vma_needs_reservation() can return -ENOMEM if allocate_... Read more

    Affected Products : linux_kernel
    • Published: Jul. 05, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-39387

    Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue ... Read more

    Affected Products : macos windows bridge
    • Published: Aug. 14, 2024
    • Modified: Aug. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-36505

    An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothet... Read more

    Affected Products : fortios
    • Published: Aug. 13, 2024
    • Modified: Aug. 22, 2024

  • 5.5

    MEDIUM
    CVE-2024-35784

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock repl... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Jan. 10, 2025

  • 5.5

    MEDIUM
    CVE-2016-7843

    Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-34137

    Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 14, 2024
    • Modified: Aug. 15, 2024

  • 5.5

    MEDIUM
    CVE-2018-4104

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intend... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-36889

    Windows Group Policy Security Feature Bypass Vulnerability... Read more

    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-36862

    A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.... Read more

    Affected Products : macos
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-30309

    Substance3D - Painter versions 9.1.2 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation ... Read more

    Affected Products : substance_3d_painter
    • Published: May. 16, 2024
    • Modified: Dec. 02, 2024

  • 5.5

    MEDIUM
    CVE-2023-40641

    In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed... Read more

    Affected Products : android sc9863a
    • Published: Oct. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-36803

    Windows Kernel Information Disclosure Vulnerability... Read more

    • Published: Sep. 12, 2023
    • Modified: Jan. 01, 2025

  • 5.5

    MEDIUM
    CVE-2024-27839

    A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.... Read more

    Affected Products : iphone_os ipados
    • Published: May. 14, 2024
    • Modified: Dec. 09, 2024

  • 5.5

    MEDIUM
    CVE-2024-27088

    es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.... Read more

    Affected Products : es5-ext
    • Published: Feb. 26, 2024
    • Modified: Feb. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-26867

    In the Linux kernel, the following vulnerability has been resolved: comedi: comedi_8255: Correct error in subdevice initialization The refactoring done in commit 5c57b1ccecc7 ("comedi: comedi_8255: Rework subdevice initialization functions") to the init... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-26850

    In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Architectures like powerpc add debug checks to ensure we find only devmap PUD pte entries. These debug checks are only done with ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 17, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-26796

    In the Linux kernel, the following vulnerability has been resolved: drivers: perf: ctr_get_width function for legacy is not defined With parameters CONFIG_RISCV_PMU_LEGACY=y and CONFIG_RISCV_PMU_SBI=n linux kernel crashes when you try perf record: $ pe... Read more

    Affected Products : linux_kernel
    • Published: Apr. 04, 2024
    • Modified: Feb. 27, 2025
Showing 20 of 292802 Results