Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.0

    LOW
    CVE-2025-52937

    Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025

  • 2.0

    LOW
    CVE-2024-53262

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered... Read more

    Affected Products : sveltekit
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 2.0

    LOW
    CVE-2015-7511

    Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.... Read more

    Affected Products : ubuntu_linux debian_linux libgcrypt
    • EPSS Score: %0.06
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 2.0

    LOW
    CVE-2025-2864

    SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025

  • 2.0

    LOW
    CVE-2025-40631

    HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirec... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.0

    LOW
    CVE-2025-3639

    Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 2.0

    LOW
    CVE-2025-4762

    Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths an... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 2.0

    LOW
    CVE-2024-50406

    A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed ... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.0

    LOW
    CVE-2025-21096

    Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 2.0

    LOW
    CVE-2025-5941

    Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based ... Read more

    Affected Products : netskope
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 2.0

    LOW
    CVE-2024-57257

    A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.... Read more

    Affected Products : u-boot
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Denial of Service

  • 1.9

    LOW
    CVE-2011-1155

    The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a file... Read more

    Affected Products : logrotate
    • EPSS Score: %0.09
    • Published: Mar. 30, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-4419

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different ... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %0.08
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2005-3126

    The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.... Read more

    Affected Products : antiword
    • EPSS Score: %0.06
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2012-4535

    Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."... Read more

    Affected Products : xen
    • EPSS Score: %0.11
    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-1952

    Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service ... Read more

    Affected Products : xen
    • EPSS Score: %0.07
    • Published: May. 13, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1197

    cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.... Read more

    Affected Products : cpio
    • EPSS Score: %3.33
    • Published: Feb. 19, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2015-0413

    Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.... Read more

    • EPSS Score: %0.10
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2013-2636

    net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.11
    • Published: Mar. 22, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-2898

    drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted devi... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291358 Results