Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2020-9064

    Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerabil... Read more

    Affected Products : honor_v30_firmware honor_v30
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2017-10169

    Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the ... Read more

    Affected Products : hospitality_9700
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-10056

    Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Property Management Systems). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logo... Read more

    Affected Products : hospitality_9700
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2021-46649

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or... Read more

    Affected Products : microstation_connect microstation view
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2019-19696

    A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allow... Read more

    Affected Products : password_manager
    • Published: Jan. 18, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-40650

    In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Oct. 08, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-48458

    In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2023-32825

    In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +35 more products
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-33172

    de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC.... Read more

    Affected Products : de.fac2
    • Published: Aug. 24, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-26394

    The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.... Read more

    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2019-1995

    In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient... Read more

    Affected Products : android
    • Published: Feb. 28, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2016-0591

    Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supplier Change.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025
  • 5.5

    MEDIUM
    CVE-2008-2601

    Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2021-0682

    In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is... Read more

    Affected Products : android
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2021-25453

    Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.... Read more

    Affected Products : android dex
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2019-8668

    A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service.... Read more

    Affected Products : iphone_os tvos watchos
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-0500

    In startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploi... Read more

    Affected Products : android
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2019-2038

    In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Prod... Read more

    Affected Products : android
    • Published: Apr. 19, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2004-2331

    ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.... Read more

    Affected Products : coldfusion
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
  • 5.5

    MEDIUM
    CVE-2011-3993

    SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to... Read more

    • Published: Nov. 03, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293947 Results