Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-35866

    In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes... Read more

    Affected Products : keepassxc
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024

  • 5.5

    MEDIUM
    CVE-2024-10404

    CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with admini... Read more

    Affected Products : brocade_sannav
    • Published: Feb. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2022-48505

    This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system... Read more

    Affected Products : macos
    • Published: Jun. 28, 2023
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2023-21155

    In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-21168

    In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.P... Read more

    Affected Products : android
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-21198

    In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-55156

    An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message.... Read more

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: XML External Entity

  • 5.5

    MEDIUM
    CVE-2023-29147

    In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.... Read more

    • Published: Jun. 30, 2023
    • Modified: Nov. 26, 2024

  • 5.5

    MEDIUM
    CVE-2023-36828

    Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, eve... Read more

    Affected Products : statamic
    • Published: Jul. 05, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0948

    The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information. ... Read more

    Affected Products : android
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-25326

    An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link.... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2020-23910

    Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c.... Read more

    Affected Products : asn1c
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-31441

    In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not co... Read more

    Affected Products : advisor_network
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-53025

    Transient DOS can occur while processing UCI command.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2023-33802

    A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file.... Read more

    Affected Products : sumatrapdf
    • Published: Jul. 26, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-21097

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.... Read more

    Affected Products : openharmony
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-22841

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.... Read more

    Affected Products : openharmony
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-58047

    Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-20930

    Out-of-bounds read in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2022-48610

    This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 294319 Results