Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-34625

    Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.... Read more

    Affected Products : notes
    • Published: Aug. 07, 2024
    • Modified: Aug. 09, 2024

  • 5.5

    MEDIUM
    CVE-2024-34644

    Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 5.5

    MEDIUM
    CVE-2021-46168

    Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.... Read more

    Affected Products : spin
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46333

    Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the component __asan_memmove.... Read more

    Affected Products : moddable_sdk
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46344

    There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0.... Read more

    Affected Products : jerryscript
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-24635

    The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and sea... Read more

    Affected Products : visual_link_preview
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-11123

    u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user`s lock-screen password can be bypassed by performing the standard gatekeeper operations.' in Snapdragon Auto, Snapd... Read more

    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46480

    Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : jsish
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-30930

    In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-30941

    In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-6105

    An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the ex... Read more

    • Published: Nov. 15, 2023
    • Modified: Feb. 13, 2025

  • 5.5

    MEDIUM
    CVE-2024-37137

    Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure.... Read more

    Affected Products : cloudlink
    • Published: Jun. 28, 2024
    • Modified: Feb. 03, 2025

  • 5.5

    MEDIUM
    CVE-2022-20322

    In PackageManager, there is a possible installed package disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-38382

    in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.... Read more

    Affected Products : openharmony openharmony
    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 5.5

    MEDIUM
    CVE-2022-37353

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... Read more

    • Published: Mar. 29, 2023
    • Modified: Feb. 18, 2025

  • 5.5

    MEDIUM
    CVE-2022-37368

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... Read more

    • Published: Mar. 29, 2023
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2024-39118

    Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up.... Read more

    Affected Products : advanced_backups
    • Published: Jul. 09, 2024
    • Modified: Mar. 14, 2025

  • 5.5

    MEDIUM
    CVE-2022-20609

    In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andr... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 5.5

    MEDIUM
    CVE-2023-47615

    A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low pr... Read more

    • Published: Nov. 09, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-2045

    Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments.... Read more

    Affected Products : session
    • Published: Mar. 01, 2024
    • Modified: May. 19, 2025
Showing 20 of 294068 Results