Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.5

    LOW
    CVE-2025-23253

    NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to ... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cryptography

  • 2.5

    LOW
    CVE-2017-11850

    Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially cr... Read more

    • EPSS Score: %1.29
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 2.5

    LOW
    CVE-2020-13659

    address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.... Read more

    Affected Products : ubuntu_linux debian_linux leap qemu
    • EPSS Score: %0.03
    • Published: Jun. 02, 2020
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2020-2749

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF command svcbundle). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle... Read more

    Affected Products : solaris solaris
    • EPSS Score: %0.26
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2021-2149

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Orac... Read more

    • EPSS Score: %0.12
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2021-23239

    The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.... Read more

    • EPSS Score: %0.04
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2024-21164

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure wh... Read more

    Affected Products : vm_virtualbox
    • Published: Jul. 16, 2024
    • Modified: Mar. 18, 2025

  • 2.5

    LOW
    CVE-2025-5645

    A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking... Read more

    Affected Products : radare2
    • Published: Jun. 05, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 2.5

    LOW
    CVE-2025-6170

    A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow atta... Read more

    • Published: Jun. 16, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service

  • 2.5

    LOW
    CVE-2025-23290

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2022-0005

    Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.... Read more

    • EPSS Score: %0.04
    • Published: May. 12, 2022
    • Modified: May. 05, 2025

  • 2.4

    LOW
    CVE-2022-20529

    In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User intera... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 2.4

    LOW
    CVE-2019-5213

    Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify th... Read more

    Affected Products : honor_play_firmware honor_play
    • EPSS Score: %0.05
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-22412

    ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access control... Read more

    Affected Products : clickhouse
    • Published: Mar. 18, 2024
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2017-18673

    An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017).... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2006-6477

    FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-... Read more

    Affected Products : first_response
    • EPSS Score: %0.07
    • Published: Dec. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.4

    LOW
    CVE-2018-4123

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the "Clock" component. It allows physically proximate attackers to discover the iTunes e-mail address.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.08
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-8799

    This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL ... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • EPSS Score: %0.07
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2018-4430

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2013-4262

    svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3)... Read more

    Affected Products : subversion
    • EPSS Score: %0.02
    • Published: Jul. 28, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291401 Results