Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-25488

    Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.... Read more

    Affected Products : android exynos dex
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29906

    IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.... Read more

    • Published: Oct. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-40498

    A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead ... Read more

    Affected Products : successfactors_mobile
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-6832

    Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing.... Read more

    Affected Products : libav
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2021-39345

    The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary w... Read more

    Affected Products : hal
    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-18672

    An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017).... Read more

    Affected Products : android
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-39328

    The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allo... Read more

    Affected Products : simple_job_board
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-39348

    The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access... Read more

    Affected Products : learnpress
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-7666

    An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the "iTMSTransporter" component, which allows attackers to obtain sensitive information via a crafted EPUB.... Read more

    Affected Products : transporter
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2021-0706

    In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not ... Read more

    Affected Products : android
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0613

    In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489... Read more

    Affected Products : android
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0615

    In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; I... Read more

    Affected Products : android
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-22450

    A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion.... Read more

    Affected Products : harmonyos
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-22460

    A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism.... Read more

    Affected Products : harmonyos
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-22471

    A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.... Read more

    Affected Products : harmonyos
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-5502

    libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.... Read more

    Affected Products : jasper
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2021-22564

    For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to anothe... Read more

    Affected Products : libjxl
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-6245

    OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6350

    OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.... Read more

    Affected Products : openbsd openbsd
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2021-38407

    Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute c... Read more

    Affected Products : dialink
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294538 Results