Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.6

    MEDIUM
    CVE-2025-46836

    net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly... Read more

    Affected Products : net-tools
    • Published: May. 14, 2025
    • Modified: May. 31, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-23368

    A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.... Read more

    Affected Products :
    • Published: Mar. 04, 2025
    • Modified: May. 31, 2025

  • 5.9

    MEDIUM
    CVE-2024-50624

    ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig ... Read more

    Affected Products : kmail
    • Published: Oct. 28, 2024
    • Modified: May. 31, 2025

  • 9.8

    CRITICAL
    CVE-2020-36846

    A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.  Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a ... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2023-50431

    sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2023
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-57338

    An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-57337

    An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-22643

    A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.... Read more

    Affected Products : seo_panel
    • Published: Jan. 30, 2024
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2023-28484

    In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.... Read more

    Affected Products : debian_linux libxml2
    • Published: Apr. 24, 2023
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2022-43680

    In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.... Read more

    • Published: Oct. 24, 2022
    • Modified: May. 30, 2025

  • 8.1

    HIGH
    CVE-2022-40674

    libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.... Read more

    Affected Products : fedora debian_linux libexpat sinec_nms
    • Published: Sep. 14, 2022
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-37434

    zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source... Read more

    • Published: Aug. 05, 2022
    • Modified: May. 30, 2025

  • 4.7

    MEDIUM
    CVE-2022-26764

    A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 9.3

    HIGH
    CVE-2022-26763

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may b... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 9.3

    HIGH
    CVE-2022-26761

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos mac_os_x
    • Published: May. 26, 2022
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-25313

    In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.... Read more

    • Published: Feb. 18, 2022
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2020-12762

    json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.... Read more

    • Published: May. 09, 2020
    • Modified: May. 30, 2025

  • 7.5

    HIGH
    CVE-2019-15903

    In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.... Read more

    Affected Products : python libexpat
    • Published: Sep. 04, 2019
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2018-20843

    In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).... Read more

    • Published: Jun. 24, 2019
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2024-21309

    Windows Kernel-Mode Driver Elevation of Privilege Vulnerability... Read more

    • Published: Jan. 09, 2024
    • Modified: May. 30, 2025
Showing 20 of 292763 Results