Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2022-32296

    The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Jun. 05, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2008-3699

    The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.... Read more

    Affected Products : amarok
    • EPSS Score: %0.03
    • Published: Aug. 14, 2008
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2020-3989

    VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able... Read more

    • EPSS Score: %0.04
    • Published: Sep. 16, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-17263

    In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are a... Read more

    Affected Products : libfwsi
    • EPSS Score: %0.15
    • Published: Oct. 06, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-17401

    libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as... Read more

    Affected Products : liblnk
    • EPSS Score: %0.06
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-29054

    A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key... Read more

    Affected Products : fortios fortiproxy
    • EPSS Score: %0.07
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-2792

    Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-cli... Read more

    Affected Products : firefox spice-xpi
    • EPSS Score: %0.05
    • Published: Aug. 30, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2022-0987

    A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.... Read more

    Affected Products : enterprise_linux packagekit
    • EPSS Score: %0.04
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-39286

    Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 3.3

    LOW
    CVE-2012-4292

    The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, whic... Read more

    Affected Products : wireshark sunos opensuse
    • EPSS Score: %1.13
    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2025-24121

    A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.... Read more

    Affected Products : macos
    • Published: Jan. 27, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2015-8946

    ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified ve... Read more

    Affected Products : ubuntu_linux ecryptfs-utils
    • EPSS Score: %0.13
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-1048

    A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rena... Read more

    Affected Products : enterprise_linux fedora grub2
    • EPSS Score: %0.01
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-0424

    The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in t... Read more

    Affected Products : cronie vixie_cron
    • EPSS Score: %0.04
    • Published: Feb. 25, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2015-0429

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.06
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2019-8857

    The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.... Read more

    Affected Products : iphone_os ipados
    • EPSS Score: %0.07
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-46792

    In the Linux kernel, the following vulnerability has been resolved: riscv: misaligned: Restrict user access to kernel memory raw_copy_{to,from}_user() do not call access_ok(), so this code allowed userspace to access any virtual memory address.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-7138

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.06
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2018-4322

    This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.05
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-11931

    An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the ... Read more

    Affected Products : ubuntu_linux pulseaudio
    • EPSS Score: %0.04
    • Published: May. 15, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results