Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-24473

    The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles... Read more

    Affected Products : user_profile_picture
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-1677

    Azure Active Directory Pod Identity Spoofing Vulnerability... Read more

    Affected Products : azure_kubernetes_service
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-44470

    Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : connect_m
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2021-25252

    Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.... Read more

    • Published: Mar. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-25464

    An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.... Read more

    Affected Products : capture smart_capture
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46486

    Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : jsish
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46494

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : jsish
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-46497

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS).... Read more

    Affected Products : jsish
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27231

    Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.... Read more

    Affected Products : control_panel
    • Published: Feb. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-15734

    An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206B.... Read more

    Affected Products : antimalware
    • Published: Jun. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29564

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.EditDistance`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/... Read more

    Affected Products : tensorflow
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26336

    Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.... Read more

    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-20518

    In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidV... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 5.5

    MEDIUM
    CVE-2022-20574

    In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 5.5

    MEDIUM
    CVE-2021-27550

    Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.... Read more

    Affected Products : polaris_office
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-27791

    The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory... Read more

    Affected Products : fabric_operating_system
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-2088

    In StatsService, there is a possible out of bounds read. This could lead to local information disclosure if UBSAN were not enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:... Read more

    Affected Products : android
    • Published: Mar. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-34069

    Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.... Read more

    Affected Products : tsmuxer
    • Published: Jun. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-34757

    Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vu... Read more

    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-29526

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2D`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe4fecee2d250d9373... Read more

    Affected Products : tensorflow
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293685 Results