Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-42081

    PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 5.5

    MEDIUM
    CVE-2023-42113

    PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: May. 03, 2024
    • Modified: May. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-20942

    In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges n... Read more

    Affected Products : android
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-21377

    In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-46017

    SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters.... Read more

    Affected Products : blood_bank
    • Published: Nov. 13, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-3506

    Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.... Read more

    Affected Products : related_posts
    • Published: Oct. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-47217

    in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow.... Read more

    Affected Products : openharmony openharmony
    • Published: Nov. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-48360

    in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.... Read more

    Affected Products : openharmony openharmony
    • Published: Jan. 02, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-24465

    Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash. ... Read more

    Affected Products : openharmony openharmony
    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-49602

    in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.... Read more

    Affected Products : openharmony openharmony
    • Published: Mar. 04, 2024
    • Modified: Dec. 16, 2024

  • 5.5

    MEDIUM
    CVE-2023-25520

    NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service. ... Read more

    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-26264

    All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code.... Read more

    Affected Products : data_catalog
    • Published: Apr. 13, 2023
    • Modified: Feb. 07, 2025

  • 5.5

    MEDIUM
    CVE-2023-30414

    Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c.... Read more

    Affected Products : jerryscript
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025

  • 5.5

    MEDIUM
    CVE-2023-30610

    aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The `aws_sigv4::SigningParams` struct had a derived `Debug` implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security t... Read more

    Affected Products : aws-sigv4
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-1719

    Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page... Read more

    Affected Products : trudesk
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-41525

    An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.... Read more

    • Published: Sep. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-15583

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020).... Read more

    Affected Products : android
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-5136

    An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.... Read more

    • Published: Nov. 08, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45947

    Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from EvaluateExpression and InitDataSegments).... Read more

    Affected Products : wasm3
    • Published: Jan. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-45864

    tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp.... Read more

    Affected Products : tsmuxer
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293625 Results