Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-29207

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been im... Read more

    Affected Products : tensorflow
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-37529

    A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).... Read more

    Affected Products : debian_linux fig2dev
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-5145

    Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter... Read more

    Affected Products : open_business_management
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 5.5

    MEDIUM
    CVE-2018-18749

    data-tools through 2017-07-26 has an Integer Overflow leading to an incorrect end value for the write_wchars function.... Read more

    Affected Products : data_tools
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-38590

    In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).... Read more

    Affected Products : cpanel
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-39357

    The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the ~/class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in vers... Read more

    Affected Products : leaky_paywall
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-48447

    In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jun. 06, 2023
    • Modified: Jan. 08, 2025

  • 5.5

    MEDIUM
    CVE-2021-46702

    Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accompl... Read more

    Affected Products : windows tor
    • Published: Feb. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-32240

    When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-12294

    Insufficient control flow management in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-30865

    In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jun. 06, 2023
    • Modified: Jan. 08, 2025

  • 5.5

    MEDIUM
    CVE-2022-39122

    In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 5.5

    MEDIUM
    CVE-2022-34285

    A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to l... Read more

    Affected Products : pads_viewer
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-30914

    In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jun. 06, 2023
    • Modified: Jan. 08, 2025

  • 5.5

    MEDIUM
    CVE-2022-35089

    SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf.... Read more

    Affected Products : swftools
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 5.5

    MEDIUM
    CVE-2022-41801

    Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products : connect_m
    • Published: May. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-42389

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... Read more

    • Published: Jan. 26, 2023
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2020-2274

    Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.... Read more

    Affected Products : elastest
    • Published: Sep. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2014-2915

    Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) ... Read more

    Affected Products : xen
    • Published: Apr. 24, 2014
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2022-4312

    A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated... Read more

    Affected Products : pcvue
    • Published: Dec. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294285 Results