Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-48638

    Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations s... Read more

    Affected Products : substance_3d_designer
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0394

    In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed... Read more

    Affected Products : android
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0409

    In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561... Read more

    Affected Products : android
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0413

    In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561379... Read more

    Affected Products : android
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-0833

    A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access inf... Read more

    Affected Products : okhttp a-mq_streams
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-29615

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously c... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-1474

    A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown triggered by programs doing an mmap after a MAP_GRO... Read more

    Affected Products : linux_kernel
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-25024

    IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Aug. 15, 2024
    • Modified: Mar. 13, 2025

  • 5.5

    MEDIUM
    CVE-2023-0973

    STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null pointer dereference, which could allow an attacker to deny application usage when reading a specially constructed file, resulting in an application crash. ... Read more

    Affected Products : ifcmesh_library
    • Published: Mar. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-50180

    An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-... Read more

    Affected Products : fortiadc
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0419

    In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403... Read more

    Affected Products : android
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0556

    In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product... Read more

    Affected Products : android
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-36871

    Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], ... Read more

    Affected Products : wp_go_maps
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0572

    In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.P... Read more

    Affected Products : android
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-9552

    In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: An... Read more

    Affected Products : android
    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0734

    In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information disclosure of an installed package, without proper query permissions,... Read more

    Affected Products : android
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-9453

    In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Prod... Read more

    Affected Products : android
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-25345

    Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format.... Read more

    Affected Products : android exynos dex
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-1014

    In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no ... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-33721

    A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.... Read more

    Affected Products : android dex
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294326 Results