Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.2

    LOW
    CVE-2014-6589

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than... Read more

    Affected Products : opensuse vm_virtualbox
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.2

    LOW
    CVE-2021-20203

    An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash th... Read more

    Affected Products : fedora debian_linux qemu
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2013-1923

    rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.... Read more

    Affected Products : nfs-utils
    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2020-25743

    hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.... Read more

    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2022-29816

    In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible... Read more

    Affected Products : intellij_idea
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2020-26925

    NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service.... Read more

    Affected Products : gs808e_firmware gs808e
    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2010-2382

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : solaris
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2014-7251

    XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.... Read more

    Affected Products : fast\/tools
    • Published: Dec. 06, 2014
    • Modified: Apr. 12, 2025

  • 3.2

    LOW
    CVE-2025-46394

    In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.... Read more

    Affected Products : busybox
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Information Disclosure

  • 3.2

    LOW
    CVE-2021-25333

    Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.... Read more

    Affected Products : pay_mini
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2021-27260

    This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to explo... Read more

    Affected Products : parallels_desktop
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2013-0343

    The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and a... Read more

    Affected Products : linux_kernel
    • Published: Feb. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.2

    LOW
    CVE-2025-26428

    In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for ex... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 3.2

    LOW
    CVE-2024-6126

    A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.... Read more

    Affected Products :
    • Published: Jul. 03, 2024
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2018-1725

    IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.... Read more

    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2024-36331

    Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 3.2

    LOW
    CVE-2021-3392

    A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw al... Read more

    Affected Products : fedora debian_linux qemu
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2006-1285

    SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information.... Read more

    Affected Products : ghost_solutions_suite norton_ghost
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.2

    LOW
    CVE-2023-26442

    In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sprox... Read more

    • Published: Aug. 02, 2023
    • Modified: Nov. 21, 2024

  • 3.2

    LOW
    CVE-2015-5011

    IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, ... Read more

    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293179 Results