Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-29611

    TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://github.com/tensorflow/tensorflow/blob/e87b51ce05c3eb17206... Read more

    Affected Products : tensorflow
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-49676

    An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability.... Read more

    Affected Products :
    • Published: May. 06, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-20858

    Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.... Read more

    Affected Products : android android dex
    • Published: May. 07, 2024
    • Modified: Feb. 10, 2025

  • 5.5

    MEDIUM
    CVE-2024-20864

    Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.... Read more

    Affected Products : android android dex
    • Published: May. 07, 2024
    • Modified: Feb. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-20867

    Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.... Read more

    Affected Products : email
    • Published: May. 07, 2024
    • Modified: Jul. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-31078

    in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.... Read more

    Affected Products : openharmony openharmony
    • Published: May. 07, 2024
    • Modified: Jan. 02, 2025

  • 5.5

    MEDIUM
    CVE-2024-0026

    In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: May. 07, 2024
    • Modified: Dec. 17, 2024

  • 5.5

    MEDIUM
    CVE-2024-23712

    In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User in... Read more

    Affected Products : android
    • Published: May. 07, 2024
    • Modified: Mar. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-5447

    Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App.... Read more

    Affected Products : fingerprint_driver
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-16498

    In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.... Read more

    Affected Products : versa_director
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-32731

    SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-20394

    A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An a... Read more

    Affected Products : appdynamics_controller appdynamics
    • Published: May. 15, 2024
    • Modified: Aug. 04, 2025

  • 5.5

    MEDIUM
    CVE-2024-3824

    The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack... Read more

    Affected Products : base64_encoderdecoder
    • Published: May. 15, 2024
    • Modified: May. 15, 2025

  • 5.5

    MEDIUM
    CVE-2020-36366

    Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.... Read more

    Affected Products : mjs
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-36367

    Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.... Read more

    Affected Products : mjs
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-36372

    Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.... Read more

    Affected Products : mjs
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-20345

    IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other... Read more

    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-20346

    IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other... Read more

    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-15385

    Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission.... Read more

    Affected Products : sannav
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-24486

    Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294759 Results