Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-30716

    Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.... Read more

    Affected Products : android android dex
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-40659

    In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to loc... Read more

    Affected Products : android
    • Published: Sep. 11, 2024
    • Modified: Dec. 17, 2024

  • 5.5

    MEDIUM
    CVE-2025-9308

    A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this att... Read more

    Affected Products : yarn
    • Published: Aug. 21, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2022-3897

    The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated... Read more

    • Published: Nov. 29, 2022
    • Modified: Aug. 20, 2025

  • 5.5

    MEDIUM
    CVE-2025-1993

    IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database... Read more

    • Published: May. 09, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cryptography

  • 5.5

    MEDIUM
    CVE-2024-11268

    A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.... Read more

    Affected Products : revit
    • Published: Dec. 09, 2024
    • Modified: Aug. 18, 2025

  • 5.5

    MEDIUM
    CVE-2025-26484

    Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.... Read more

    Affected Products : cloudlink
    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: XML External Entity

  • 5.5

    MEDIUM
    CVE-2025-6566

    A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2023-30923

    In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-42406

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... Read more

    • Published: Jan. 26, 2023
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2023-30933

    In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-35668

    In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exp... Read more

    Affected Products : android
    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-20648

    In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09456673; Issue ID... Read more

    • Published: Mar. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-20927

    Out-of-bounds read in parsing image data in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025

  • 5.5

    MEDIUM
    CVE-2022-20215

    In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Pr... Read more

    Affected Products : android
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 5.5

    MEDIUM
    CVE-2025-21005

    Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.... Read more

    Affected Products : android
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2021-33439

    An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c.... Read more

    Affected Products : mjs
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-42788

    A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information.... Read more

    Affected Products : macos
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2023-31921

    Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.... Read more

    Affected Products : jerryscript
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025

  • 5.5

    MEDIUM
    CVE-2024-29992

    Azure Identity Library for .NET Information Disclosure Vulnerability... Read more

    Affected Products : azure_identity_library_for_.net
    • Published: Apr. 09, 2024
    • Modified: Jan. 09, 2025
Showing 20 of 294273 Results