Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2020-36722

    The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that exe...

    Affected Products : visual_composer_website_builder
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-33595

    CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c....

    Affected Products : python
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-29758

    An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files....

    Affected Products : blue_light_filter
    • Published: Jun. 09, 2023
    • Modified: Jan. 06, 2025
  • 5.5

    MEDIUM
    CVE-2023-29753

    An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files....

    Affected Products : facemoji
    • Published: Jun. 09, 2023
    • Modified: Jan. 06, 2025
  • 5.5

    MEDIUM
    CVE-2025-20891

    Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability....

    Affected Products : android android
    • Published: Feb. 04, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2024-42207

    HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session....

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2023-21142

    In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...

    Affected Products : android
    • Published: Jun. 15, 2023
    • Modified: Dec. 18, 2024
  • 5.5

    MEDIUM
    CVE-2023-2747

    The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized....

    Affected Products : gecko_software_development_kit
    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2024-57672

    An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, TopologyInstance module, Routing module....

    Affected Products : floodlight
    • Published: Feb. 06, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2023-35866

    In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes...

    Affected Products : keepassxc
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024
  • 5.5

    MEDIUM
    CVE-2024-10404

    CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with admini...

    Affected Products : brocade_sannav
    • Published: Feb. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2022-48505

    This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system...

    Affected Products : macos
    • Published: Jun. 28, 2023
    • Modified: Nov. 27, 2024
  • 5.5

    MEDIUM
    CVE-2023-21155

    In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploit...

    Affected Products : android
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-21168

    In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. P...

    Affected Products : android
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-21198

    In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati...

    Affected Products : android
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2024-55156

    An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message....

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: XML External Entity
  • 5.5

    MEDIUM
    CVE-2023-29147

    In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier....

    • Published: Jun. 30, 2023
    • Modified: Nov. 26, 2024
  • 5.5

    MEDIUM
    CVE-2023-36828

    Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, eve...

    Affected Products : statamic
    • Published: Jul. 05, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-0948

    The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information. ...

    Affected Products : android
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2025-25326

    An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link....

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Information Disclosure