Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2022-33879

    The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.2... Read more

    Affected Products : tika
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-31699

    VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.... Read more

    Affected Products : esxi cloud_foundation
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 3.3

    LOW
    CVE-2023-35022

    IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.... Read more

    Affected Products : infosphere_information_server
    • Published: Jun. 30, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-28764

    The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insuf... Read more

    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-34442

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <... Read more

    Affected Products : camel
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-41043

    Microsoft Office Information Disclosure Vulnerability... Read more

    • Published: Oct. 11, 2022
    • Modified: Jan. 02, 2025

  • 3.3

    LOW
    CVE-2020-14415

    oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.... Read more

    Affected Products : ubuntu_linux qemu
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-34339

    In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message... Read more

    Affected Products : ktor
    • Published: Jun. 01, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-33880

    In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-47112

    7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.... Read more

    Affected Products : 7-zip
    • Published: Apr. 19, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2022-46781

    An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0... Read more

    • Published: Apr. 06, 2023
    • Modified: Feb. 12, 2025

  • 3.3

    LOW
    CVE-2016-4486

    The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.... Read more

    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-7553

    The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.... Read more

    Affected Products : buf.pl
    • Published: Feb. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2019-14391

    cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).... Read more

    Affected Products : cpanel
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-0541

    fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.... Read more

    Affected Products : fuse
    • Published: Sep. 02, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2016-9908

    Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the ho... Read more

    Affected Products : qemu
    • Published: Dec. 23, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-2922

    The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a ... Read more

    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-4983

    A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.... Read more

    Affected Products : enterprise_linux leap opensuse dovecot
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-2057

    lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.... Read more

    Affected Products : debian_linux xymon
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-1849

    The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access... Read more

    Affected Products : iphone_os safari
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 294132 Results