Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.0

    LOW
    CVE-2008-3986

    Unspecified vulnerability in the Oracle Discoverer Administrator component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : application_server
    • EPSS Score: %0.19
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025

  • 1.0

    LOW
    CVE-2024-12975

    A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface.... Read more

    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 1.0

    LOW
    CVE-2004-2648

    FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.... Read more

    Affected Products : freezex
    • EPSS Score: %0.09
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 1.0

    LOW
    CVE-2008-3987

    Unspecified vulnerability in the Oracle Discoverer Desktop component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : application_server
    • EPSS Score: %0.19
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025

  • 1.0

    LOW
    CVE-2025-27608

    Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manage... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.0

    LOW
    CVE-2014-4248

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows local users to affect confidentiality via unknown vectors related to Logging.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.08
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 1.0

    LOW
    CVE-2025-7844

    Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bit and your applications supports creating or imp... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 1.0

    LOW
    CVE-2025-24959

    zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command execution or unexpected behavior in applications that rel... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Injection

  • 1.0

    LOW
    CVE-2025-9092

    Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.N... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service

  • 1.0

    LOW
    CVE-2025-49842

    conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the ro... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 1.0

    LOW
    CVE-2009-3412

    Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server application_server
    • EPSS Score: %0.24
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 1.0

    LOW
    CVE-2010-4431

    Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy.... Read more

    Affected Products : java_system_portal_server
    • EPSS Score: %0.05
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 1.0

    LOW
    CVE-2020-12492

    Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information.... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 0.0

    NA
    CVE-2025-21717

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq kvzalloc_node is not doing a runtime check on the node argument (__alloc_pages_node_noprof does have a V... Read more

    Affected Products : linux_kernel
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2024-36906

    In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: [ 33.452494] ================================================================== [ 33.453513] BUG: KASAN: stac... Read more

    Affected Products : linux_kernel
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024

  • 0.0

    NA
    CVE-2025-21875

    In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owne... Read more

    Affected Products : linux_kernel
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2022-49851

    In the Linux kernel, the following vulnerability has been resolved: riscv: fix reserved memory setup Currently, RISC-V sets up reserved memory using the "early" copy of the device tree. As a result, when trying to get a reserved memory region using of_r... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2022-49557

    In the Linux kernel, the following vulnerability has been resolved: x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave) Set the starting uABI size of KVM's guest FPU to 'struct kvm_xsave', i.e. to KVM's historical uABI size. When... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53071

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: do not run mt76_unregister_device() on unregistered hw Trying to probe a mt7921e pci card without firmware results in a successful probe where ieee80211_register_hw hasn't b... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37786

    In the Linux kernel, the following vulnerability has been resolved: net: dsa: free routing table on probe failure If complete = true in dsa_tree_setup(), it means that we are the last switch of the tree which is successfully probing, and we should be se... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291162 Results