Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-0554

    In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer... Read more

    Affected Products : android
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-34391

    Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service.... Read more

    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-34070

    Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.... Read more

    Affected Products : tsmuxer
    • Published: Jun. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-25649

    An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should on... Read more

    Affected Products : aura_utility_services
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-36055

    Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), ... Read more

    Affected Products :
    • Published: May. 26, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-36037

    Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 27, 2024
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2021-25431

    Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer.... Read more

    Affected Products : android cameralyzer
    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-34130

    Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access confidential information. Exploit... Read more

    Affected Products : acrobat_reader
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-37877

    UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed PDU length. This occurs in function readOctetString in src/utils/octet_view.cpp and in function DecodeRlsMessage in src/lib/rls/rls_pdu.cpp... Read more

    Affected Products :
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-19474

    An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an Use After Free .... Read more

    Affected Products : pdf2json
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-22417

    A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage.... Read more

    Affected Products : harmonyos
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-20896

    Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.... Read more

    Affected Products : android android dex
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-20897

    Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.... Read more

    Affected Products : android android dex
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-25087

    Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error.... Read more

    • Published: Jul. 02, 2024
    • Modified: Mar. 14, 2025

  • 5.5

    MEDIUM
    CVE-2024-37437

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS.This issue affects Elementor Website Builder: from n/a through 3.22.1.... Read more

    Affected Products : website_builder
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-32283

    An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function gravity_string_to_value() located in gravity_value.c. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : gravity
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-6705

    The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w... Read more

    Affected Products :
    • Published: Jul. 18, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-39585

    An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function traits_dump() located in abc.c. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : swftools
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-39591

    An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_GetShapeBoundingBox() located in swfshape.c. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : swftools
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-39593

    An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_FontExtract_DefineFontInfo() located in swftext.c. It allows an attacker to cause Denial of Service.... Read more

    Affected Products : swftools
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294358 Results