Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-2747

    The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.... Read more

    Affected Products : gecko_software_development_kit
    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-57672

    An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.... Read more

    Affected Products : floodlight
    • Published: Feb. 06, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2023-35866

    In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes... Read more

    Affected Products : keepassxc
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024

  • 5.5

    MEDIUM
    CVE-2024-10404

    CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with admini... Read more

    Affected Products : brocade_sannav
    • Published: Feb. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2022-48505

    This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system... Read more

    Affected Products : macos
    • Published: Jun. 28, 2023
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2023-21155

    In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-21168

    In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.P... Read more

    Affected Products : android
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-21198

    In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-55156

    An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message.... Read more

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: XML External Entity

  • 5.5

    MEDIUM
    CVE-2023-29147

    In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.... Read more

    • Published: Jun. 30, 2023
    • Modified: Nov. 26, 2024

  • 5.5

    MEDIUM
    CVE-2023-36828

    Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, eve... Read more

    Affected Products : statamic
    • Published: Jul. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0948

    The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information. ... Read more

    Affected Products : android
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-25326

    An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link.... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2020-23910

    Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c.... Read more

    Affected Products : asn1c
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-31441

    In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not co... Read more

    Affected Products : advisor_network
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-53025

    Transient DOS can occur while processing UCI command.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2023-33802

    A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file.... Read more

    Affected Products : sumatrapdf
    • Published: Jul. 26, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-21097

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.... Read more

    Affected Products : openharmony
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-22841

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.... Read more

    Affected Products : openharmony
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-58047

    Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization
Showing 20 of 294273 Results