Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2022-32296

    The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Jun. 05, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-1773

    The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.05
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2007-6441

    The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."... Read more

    Affected Products : wireshark
    • EPSS Score: %0.76
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2018-8449

    A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.... Read more

    Affected Products : windows_10 windows_server_2016
    • EPSS Score: %2.42
    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-7156

    The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (g... Read more

    Affected Products : xen
    • EPSS Score: %0.80
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-3982

    include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.... Read more

    Affected Products : lynis
    • EPSS Score: %0.05
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2025-46717

    sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list <pathname>`.... Read more

    Affected Products : sudo
    • Published: May. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2024-23210

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.03
    • Published: Jan. 23, 2024
    • Modified: Jun. 04, 2025

  • 3.3

    LOW
    CVE-2019-8934

    hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.... Read more

    Affected Products : leap qemu
    • EPSS Score: %0.11
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-19126

    On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping address... Read more

    Affected Products : ubuntu_linux fedora debian_linux glibc
    • EPSS Score: %0.02
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-1174

    The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user sess... Read more

    Affected Products : systemd systemd
    • EPSS Score: %0.12
    • Published: Jul. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-4290

    The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.... Read more

    • EPSS Score: %0.90
    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2009-2056

    Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.... Read more

    Affected Products : ios_xr
    • EPSS Score: %0.47
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2023-42857

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os ipados
    • EPSS Score: %0.04
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-3423

    lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.... Read more

    Affected Products : emacs mageia
    • EPSS Score: %0.14
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-3981

    acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.... Read more

    Affected Products : php
    • EPSS Score: %0.15
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2022-0987

    A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.... Read more

    Affected Products : enterprise_linux packagekit
    • EPSS Score: %0.04
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-24334

    The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2024-30347

    Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Jul. 09, 2025

  • 3.3

    LOW
    CVE-2025-6199

    A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error... Read more

    Affected Products : enterprise_linux gdkpixbuf
    • Published: Jun. 17, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291526 Results