Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2016-4486

    The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.... Read more

    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-9908

    Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the ho... Read more

    Affected Products : qemu
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2012-0786

    The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.... Read more

    Affected Products : augeas
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-2093

    src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.... Read more

    Affected Products : gajim
    • Published: May. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2016-9085

    Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : fedora libwebp
    • Published: Feb. 03, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2019-13232

    Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.... Read more

    Affected Products : debian_linux unzip
    • Published: Jul. 04, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-0541

    fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.... Read more

    Affected Products : fuse
    • Published: Sep. 02, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2007-5200

    hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.... Read more

    Affected Products : opensuse opensuse
    • Published: Oct. 14, 2007
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2012-2392

    Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.... Read more

    Affected Products : wireshark
    • Published: Jun. 30, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2019-10343

    Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.... Read more

    Affected Products : configuration_as_code
    • Published: Jul. 31, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-27928

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to acce... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 3.3

    LOW
    CVE-2016-4983

    A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.... Read more

    Affected Products : enterprise_linux leap opensuse dovecot
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-6060

    The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed... Read more

    Affected Products : android dhcpcd
    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2019-10433

    Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.... Read more

    Affected Products : dingding
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-11485

    Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.... Read more

    Affected Products : ubuntu_linux apport apport
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-3666

    The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.3

    LOW
    CVE-2019-3815

    A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A loca... Read more

    • Published: Jan. 28, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-0188

    A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who success... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2024-40832

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.... Read more

    Affected Products : macos
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-40792

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings.... Read more

    Affected Products : macos
    • Published: Oct. 28, 2024
    • Modified: Mar. 18, 2025
Showing 20 of 293681 Results