Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2023-41053

    Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The probl... Read more

    Affected Products : redis
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-5432

    The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.... Read more

    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-3419

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem.... Read more

    Affected Products : solaris
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-3717

    Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.... Read more

    Affected Products : xen
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2012-4048

    The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.... Read more

    Affected Products : debian_linux wireshark
    • Published: Jul. 24, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2014-3982

    include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.... Read more

    Affected Products : lynis
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2020-2218

    Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.... Read more

    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-3714

    The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overf... Read more

    Affected Products : xen
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-3052

    The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensiti... Read more

    • Published: Jun. 21, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-28584

    Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.... Read more

    Affected Products : freeimage
    • Published: Mar. 20, 2024
    • Modified: Mar. 28, 2025

  • 3.3

    LOW
    CVE-2025-6658

    PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2013-1922

    qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used whe... Read more

    Affected Products : xen
    • Published: May. 13, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2014-3986

    include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.... Read more

    Affected Products : lynis
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-3981

    acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.... Read more

    Affected Products : php
    • Published: Jun. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2021-25317

    A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to... Read more

    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-25403

    Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.... Read more

    Affected Products : android account
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-25316

    A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versi... Read more

    Affected Products : linux_enterprise_server s390-tools
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-0244

    The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.... Read more

    Affected Products : samba
    • Published: Jun. 23, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2021-25439

    Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.... Read more

    Affected Products : android members
    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-25398

    Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts.... Read more

    Affected Products : bixby_voice
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293969 Results