Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-9367

    The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.11.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more

    Affected Products : welcart_e-commerce
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-56715

    In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on failure If register_netdev() fails, then the driver leaks the netdev notifier. Fix this by calling ionic_lif_unregister() on register_netdev() f... Read more

    Affected Products : linux_kernel
    • Published: Dec. 29, 2024
    • Modified: Jan. 10, 2025

  • 5.5

    MEDIUM
    CVE-2017-0355

    All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.... Read more

    Affected Products : android windows gpu_driver
    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0353

    All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service... Read more

    Affected Products : android gpu_driver
    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0320

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.... Read more

    Affected Products : windows gpu_driver
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2018-21076

    An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018).... Read more

    Affected Products : android exynos_8895 exynos_8890
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-0304

    A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the ... Read more

    Affected Products : big-ip_advanced_firewall_manager
    • Published: Dec. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-56674

    In the Linux kernel, the following vulnerability has been resolved: virtio_net: correct netdev_tx_reset_queue() invocation point When virtnet_close is followed by virtnet_open, some TX completions can possibly remain unconsumed, until they are finally p... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: Jan. 06, 2025

  • 5.5

    MEDIUM
    CVE-2017-0194

    Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."... Read more

    Affected Products : office excel office_compatibility_pack
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2018-2853

    Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations, Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allow... Read more

    Affected Products : hospitality_simphony
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-56665

    In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Syzbot reported [1] crash that happens for following tracing scenario: - create tracepoint perf event with attr.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: Jan. 06, 2025

  • 5.5

    MEDIUM
    CVE-2017-0045

    Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Reque... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0038

    gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to ob... Read more

    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-56654

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is not safe since for the most part entries fetched... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: Jan. 06, 2025

  • 5.5

    MEDIUM
    CVE-2024-56629

    In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: Jan. 15, 2025

  • 5.5

    MEDIUM
    CVE-2025-59036

    Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that ... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2024-56618

    In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx: gpcv2: Adjust delay after power up handshake The udelay(5) is not enough, sometimes below kernel panic still be triggered: [ 4.012973] Kernel panic - not syncing: Asy... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: Jan. 16, 2025

  • 5.5

    MEDIUM
    CVE-2016-9820

    libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.... Read more

    Affected Products : libav
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-9819

    libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.... Read more

    Affected Products : libav
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-8697

    The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image.... Read more

    Affected Products : potrace
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293507 Results