Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2006-1963

    Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile i... Read more

    Affected Products : pcpin_chat
    • Published: Apr. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2021-29534

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.SparseConcat`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/b432a38fe0... Read more

    Affected Products : tensorflow
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-4457

    Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive ... Read more

    Affected Products : warp
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29548

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://githu... Read more

    Affected Products : tensorflow
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-5167

    A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argume... Read more

    Affected Products : assimp
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-20954

    Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2022-20341

    In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution privileges needed. User interaction is not ne... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-44913

    An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : irfanview exr
    • Published: Aug. 28, 2024
    • Modified: May. 23, 2025

  • 5.5

    MEDIUM
    CVE-2024-45094

    IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin... Read more

    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2019-10513

    Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon In... Read more

    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-13498

    An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability... Read more

    Affected Products : macos openusd
    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0618

    In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561394... Read more

    Affected Products : android
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-43614

    Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.... Read more

    Affected Products : defender_for_endpoint
    • Published: Oct. 08, 2024
    • Modified: Jul. 08, 2025

  • 5.5

    MEDIUM
    CVE-2022-47355

    In log service, there is a missing permission check. This could lead to local denial of service in log service.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Feb. 12, 2023
    • Modified: Mar. 26, 2025

  • 5.5

    MEDIUM
    CVE-2022-47360

    In log service, there is a missing permission check. This could lead to local denial of service in log service.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Feb. 12, 2023
    • Modified: Mar. 26, 2025

  • 5.5

    MEDIUM
    CVE-2022-47371

    In bt driver, there is a thread competition leads to early release of resources to be accessed. This could lead to local denial of service in kernel.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Feb. 12, 2023
    • Modified: Mar. 26, 2025

  • 5.5

    MEDIUM
    CVE-2020-2683

    Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low pri... Read more

    Affected Products : flexcube_universal_banking
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-42676

    In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-33866

    An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS.... Read more

    Affected Products : windows linqi
    • Published: May. 14, 2024
    • Modified: Apr. 28, 2025

  • 5.5

    MEDIUM
    CVE-2024-1188

    A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirem... Read more

    Affected Products : notepad3
    • Published: Feb. 02, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294299 Results