Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-23215

    An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.... Read more

    Affected Products : fedora debian_linux openexr
    • EPSS Score: %0.09
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2001-1391

    Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.... Read more

    Affected Products : linux_kernel linux
    • EPSS Score: %0.09
    • Published: Apr. 17, 2001
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2021-20255

    A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU c... Read more

    Affected Products : debian_linux qemu
    • EPSS Score: %0.04
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-20219

    A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26805

    Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file.... Read more

    Affected Products : tsmuxer
    • EPSS Score: %0.19
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-20176

    A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from thi... Read more

    Affected Products : debian_linux imagemagick
    • EPSS Score: %0.07
    • Published: Feb. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-1998

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • EPSS Score: %0.35
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2000-1178

    Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.... Read more

    Affected Products : linux joe
    • EPSS Score: %0.14
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2021-26254

    Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable denial of service via local access.... Read more

    • EPSS Score: %0.13
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2020-36691

    An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.01
    • Published: Mar. 24, 2023
    • Modified: Feb. 21, 2025

  • 5.5

    MEDIUM
    CVE-2020-35534

    In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.... Read more

    Affected Products : libraw
    • EPSS Score: %0.03
    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-35507

    There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of thi... Read more

    • EPSS Score: %0.08
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1282

    IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ... Read more

    Affected Products : content_navigator
    • EPSS Score: %0.23
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-48114

    SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character a... Read more

    Affected Products : smartermail
    • EPSS Score: %0.17
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-17830

    The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_fiel... Read more

    Affected Products : redaxo
    • EPSS Score: %0.21
    • Published: Oct. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-44075

    Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter.... Read more

    Affected Products : small_crm
    • EPSS Score: %0.20
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43267

    A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field.... Read more

    Affected Products : emlog
    • EPSS Score: %0.22
    • Published: Oct. 02, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-19829

    A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.... Read more

    Affected Products : serv-u_ftp_server serv-u
    • EPSS Score: %1.44
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-43357

    Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.26
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1114

    IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted... Read more

    Affected Products : campaign
    • EPSS Score: %0.16
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291728 Results