Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2020-8717

    Improper input validation in a subsystem for some Intel Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Aug. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-35915

    An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types.... Read more

    Affected Products : futures-intrusive
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-48354

    In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-51752

    The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled.... Read more

    Affected Products : authkit
    • Published: Nov. 05, 2024
    • Modified: Sep. 10, 2025

  • 5.5

    MEDIUM
    CVE-2018-7546

    wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.... Read more

    Affected Products : jinshan_pdf wps_office
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8941

    An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. The parameter size is unchecked allowing the attacker to... Read more

    Affected Products : asylo
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-32239

    When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1961

    The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with ad... Read more

    Affected Products : google_tag_manager
    • Published: Jun. 13, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-27549

    HCL Launch may store certain data for recurring activities in a plain text format.... Read more

    Affected Products : hcl_launch
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9087

    Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may b... Read more

    Affected Products : taurus-al00a_firmware taurus-al00a
    • Published: Oct. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-31554

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.... Read more

    Affected Products : mediawiki
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0021

    An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issu... Read more

    Affected Products : windows globalprotect
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9399

    The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.... Read more

    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22303

    An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials ... Read more

    Affected Products : fortimanager
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9624

    Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.... Read more

    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-0381

    In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exp... Read more

    Affected Products : android
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12151

    Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via local access.... Read more

    Affected Products : extreme_tuning_utility
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-21276

    In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. ... Read more

    Affected Products : android
    • Published: Aug. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-21280

    In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Aug. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-43624

    CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information ... Read more

    Affected Products : cx-designer
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293675 Results