Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2016-3178

    The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value.... Read more

    Affected Products : minissdpd
    • EPSS Score: %0.06
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2018-20195

    A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.... Read more

    • EPSS Score: %0.34
    • Published: Dec. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-20244

    In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.... Read more

    Affected Products : airflow
    • EPSS Score: %0.90
    • Published: Feb. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-2540

    Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.... Read more

    Affected Products : audacity
    • EPSS Score: %0.91
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-20168

    Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service ("physical address not valid" panic) via a crafted application.... Read more

    Affected Products : gvisor
    • EPSS Score: %0.05
    • Published: Dec. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-2142

    Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.... Read more

    Affected Products : openshift openshift
    • EPSS Score: %0.04
    • Published: Jun. 08, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2024-50210

    In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error... Read more

    Affected Products : linux_kernel
    • Published: Nov. 08, 2024
    • Modified: Nov. 19, 2024

  • 5.5

    MEDIUM
    CVE-2018-20029

    The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.... Read more

    Affected Products : windows_10 nomachine dokanfs
    • EPSS Score: %0.04
    • Published: Dec. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-1582

    LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.... Read more

    Affected Products : ubuntu_linux lxd
    • EPSS Score: %0.04
    • Published: Jun. 09, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2018-20005

    An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.... Read more

    Affected Products : fedora mini-xml
    • EPSS Score: %0.19
    • Published: Dec. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-50153

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target... Read more

    Affected Products : linux_kernel
    • Published: Nov. 07, 2024
    • Modified: Nov. 13, 2024

  • 5.5

    MEDIUM
    CVE-2024-50147

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGE_PAGES command, this bit isn't Initialize during command bitmask Initialization, only during ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 07, 2024
    • Modified: Nov. 18, 2024

  • 5.5

    MEDIUM
    CVE-2024-50145

    In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation failure so handle it inside __octep_oq_process_rx() to... Read more

    Affected Products : linux_kernel
    • Published: Nov. 07, 2024
    • Modified: Nov. 15, 2024

  • 5.5

    MEDIUM
    CVE-2016-1307

    The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.... Read more

    • EPSS Score: %0.16
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2018-20126

    hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.... Read more

    Affected Products : ubuntu_linux leap qemu
    • EPSS Score: %0.08
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-0652

    Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML.... Read more

    Affected Products : mysql
    • EPSS Score: %0.13
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-0561

    Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerabi... Read more

    • EPSS Score: %0.16
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-0557

    Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Administration... Read more

    • EPSS Score: %0.16
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2018-1783

    IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS. I... Read more

    Affected Products : spectrum_scale
    • EPSS Score: %0.05
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-0472

    Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and availability via unknown vectors.... Read more

    Affected Products : database_server
    • EPSS Score: %0.39
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292495 Results