Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2024-41007

    In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every t... Read more

    Affected Products : linux_kernel
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-7437

    SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit ... Read more

    Affected Products : netweaver
    • Published: Oct. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-40838

    A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.... Read more

    Affected Products : macos
    • Published: Sep. 17, 2024
    • Modified: Mar. 24, 2025

  • 3.3

    LOW
    CVE-2020-11869

    An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A maliciou... Read more

    Affected Products : qemu
    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-40830

    This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps.... Read more

    Affected Products : iphone_os ipados
    • Published: Sep. 17, 2024
    • Modified: Mar. 25, 2025

  • 3.3

    LOW
    CVE-2019-10183

    Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system... Read more

    Affected Products : enterprise_linux virt-manager
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-0188

    A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who success... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2014-1447

    Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.... Read more

    Affected Products : libvirt
    • Published: Jan. 24, 2014
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-40798

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to read Safari's browsing history.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jul. 29, 2024
    • Modified: Mar. 13, 2025

  • 3.3

    LOW
    CVE-2024-42249

    In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spi_async() Calling spi_maybe_unoptimize_message() in spi_async() is wrong because the message is likely to be in the queue and not transferred yet. Thi... Read more

    Affected Products : linux_kernel
    • Published: Aug. 07, 2024
    • Modified: Aug. 08, 2024

  • 3.3

    LOW
    CVE-2024-40795

    This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to read sensitive location information.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jul. 29, 2024
    • Modified: Mar. 25, 2025

  • 3.3

    LOW
    CVE-2013-4477

    The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.... Read more

    Affected Products : grizzly havana
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-2794

    The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.... Read more

    Affected Products : firefox spice-xpi
    • Published: Aug. 30, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-4337

    The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.... Read more

    Affected Products : gnash
    • Published: Jan. 14, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2021-0989

    In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-3469

    Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors related to Services.... Read more

    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2021-0992

    In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-0109

    NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which coul... Read more

    Affected Products : cuda_toolkit
    • Published: Aug. 31, 2024
    • Modified: Sep. 18, 2024

  • 3.3

    LOW
    CVE-2021-0983

    In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information disclosure. This could lead to local information disclosure wit... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-21383

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293625 Results