Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2013-2635

    The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Mar. 22, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-0179

    libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU... Read more

    • EPSS Score: %0.11
    • Published: Aug. 03, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2014-4421

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different ... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %0.08
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2008-2937

    Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.... Read more

    Affected Products : postfix
    • EPSS Score: %0.08
    • Published: Aug. 18, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2008-1383

    The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same... Read more

    Affected Products : linux
    • EPSS Score: %0.03
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2010-4525

    Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.11
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-4072

    The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl sys... Read more

    • EPSS Score: %0.10
    • Published: Nov. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-3310

    Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: %0.12
    • Published: Sep. 29, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-2976

    The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspe... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.05
    • Published: Aug. 21, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-4508

    Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Dec. 21, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-4029

    The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a ... Read more

    Affected Products : x_server
    • EPSS Score: %0.57
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-6544

    The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI ... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.08
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2012-2425

    The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) v... Read more

    Affected Products : internet_explorer quickbooks
    • EPSS Score: %0.21
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2013-7291

    memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree,"... Read more

    Affected Products : memcached
    • EPSS Score: %0.21
    • Published: Jan. 13, 2014
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2016-8284

    Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.... Read more

    Affected Products : mysql
    • EPSS Score: %0.08
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2013-7290

    The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the ... Read more

    Affected Products : memcached
    • EPSS Score: %0.21
    • Published: Jan. 13, 2014
    • Modified: Apr. 11, 2025

  • 1.8

    LOW
    CVE-2018-3270

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where S... Read more

    Affected Products : solaris solaris
    • EPSS Score: %0.19
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 1.8

    LOW
    CVE-2025-47278

    Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by ... Read more

    Affected Products : flask
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cryptography

  • 1.8

    LOW
    CVE-2015-1798

    The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MA... Read more

    Affected Products : ntp
    • EPSS Score: %0.68
    • Published: Apr. 08, 2015
    • Modified: Apr. 12, 2025

  • 1.8

    LOW
    CVE-2012-2423

    The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different responses to remote requests depending on whether a ZIP... Read more

    Affected Products : internet_explorer quickbooks
    • EPSS Score: %0.13
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291222 Results