Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2017-1654

    IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378.... Read more

    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-2133

    Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2001-0361

    Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 vers... Read more

    Affected Products : openssh ssh
    • Published: Jun. 27, 2001
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2012-0572

    Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.... Read more

    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2017-18824

    Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15,... Read more

    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2012-4731

    FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.... Read more

    Affected Products : rtfm
    • Published: Nov. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2017-18382

    cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-18819

    NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.... Read more

    Affected Products : readynas_os
    • Published: Apr. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2014-8961

    Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's lin... Read more

    Affected Products : phpmyadmin opensuse
    • Published: Nov. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2021-35576

    Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local L... Read more

    Affected Products : database_server
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-35640

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c... Read more

    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-35625

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip... Read more

    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-39900

    Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.... Read more

    Affected Products : gitlab
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-35623

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr... Read more

    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2025-32364

    A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.... Read more

    Affected Products : poppler
    • Published: Apr. 05, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service

  • 4.0

    MEDIUM
    CVE-2022-23091

    A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that pr... Read more

    Affected Products : freebsd
    • Published: Feb. 15, 2024
    • Modified: Jun. 04, 2025

  • 4.0

    MEDIUM
    CVE-2022-2047

    In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to f... Read more

    • Published: Jul. 07, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-39901

    In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.... Read more

    Affected Products : gitlab
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-3433

    Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxr... Read more

    Affected Products : zephyr
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-39945

    Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge ... Read more

    Affected Products : gitlab
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293640 Results