Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2022-3219

    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.... Read more

    Affected Products : gnupg
    • Published: Feb. 23, 2023
    • Modified: Mar. 12, 2025

  • 3.3

    LOW
    CVE-2021-3655

    A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.... Read more

    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-37468

    NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.... Read more

    • Published: Jul. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-50564

    A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.... Read more

    Affected Products : forticlient
    • Published: Jan. 14, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cryptography

  • 3.3

    LOW
    CVE-2017-0188

    A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who success... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2010-4337

    The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.... Read more

    Affected Products : gnash
    • Published: Jan. 14, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2020-11869

    An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A maliciou... Read more

    Affected Products : qemu
    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-20263

    A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the gu... Read more

    Affected Products : qemu
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-3766

    A vulnerability, which was classified as problematic, has been found in slowlyo OwlAdmin up to 3.5.7. Affected by this issue is some unknown functionality of the file /admin-api/upload_image of the component Image File Upload. The manipulation of the argu... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-4477

    The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.... Read more

    Affected Products : grizzly havana
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-44172

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15. An app may be able to access contacts.... Read more

    Affected Products : macos
    • Published: Jan. 27, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2020-14354

    A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulner... Read more

    Affected Products : fedora c-ares
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-7437

    SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit ... Read more

    Affected Products : netweaver
    • Published: Oct. 13, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-5499

    Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498.... Read more

    Affected Products : database_server
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-40830

    This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps.... Read more

    Affected Products : iphone_os ipados
    • Published: Sep. 17, 2024
    • Modified: Mar. 25, 2025

  • 3.3

    LOW
    CVE-2024-40838

    A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.... Read more

    Affected Products : macos
    • Published: Sep. 17, 2024
    • Modified: Mar. 24, 2025

  • 3.3

    LOW
    CVE-2024-40832

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.... Read more

    Affected Products : macos
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-10183

    Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system... Read more

    Affected Products : enterprise_linux virt-manager
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2015-1044

    vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors.... Read more

    Affected Products : player workstation esxi
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-3764

    ** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotel... Read more

    Affected Products :
    • Published: Apr. 14, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293584 Results