Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.9

    LOW
    CVE-2025-27400

    Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerabil... Read more

    Affected Products : magento
    • Published: Feb. 28, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.9

    LOW
    CVE-2015-3340

    Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.... Read more

    • Published: Apr. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2014-0131

    Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.... Read more

    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2014-0905

    IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.... Read more

    Affected Products : infosphere_biginsights
    • Published: Aug. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2025-48756

    In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 2.9

    LOW
    CVE-2025-47285

    Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, `concat()` may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation w... Read more

    Affected Products : vyper
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 2.9

    LOW
    CVE-2025-43965

    In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.... Read more

    Affected Products : imagemagick
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 2.9

    LOW
    CVE-2025-48753

    In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock.... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Race Condition

  • 2.9

    LOW
    CVE-2025-31160

    atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.... Read more

    Affected Products : atop
    • Published: Mar. 26, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service

  • 2.9

    LOW
    CVE-2013-1589

    Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.... Read more

    Affected Products : wireshark
    • Published: Feb. 03, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2014-6381

    Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when "Proxy ARP" or "No Broadcast" features are enabled in a clustered setup, allows remote attackers to cause a den... Read more

    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2014-3970

    The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.... Read more

    Affected Products : pulseaudio
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 2.9

    LOW
    CVE-2013-2481

    Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause ... Read more

    Affected Products : debian_linux wireshark opensuse
    • Published: Mar. 07, 2013
    • Modified: Apr. 11, 2025

  • 2.9

    LOW
    CVE-2022-21312

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high pr... Read more

    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 2.9

    LOW
    CVE-2022-21319

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high pr... Read more

    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 2.9

    LOW
    CVE-2022-21317

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high pr... Read more

    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 2.9

    LOW
    CVE-2022-21311

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high pr... Read more

    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 2.9

    LOW
    CVE-2022-21484

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high pr... Read more

    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 2.9

    LOW
    CVE-2022-21331

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high pr... Read more

    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 2.9

    LOW
    CVE-2012-0042

    Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to... Read more

    Affected Products : enterprise_linux wireshark
    • Published: Apr. 11, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293642 Results