Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-0020

    In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execut... Read more

    Affected Products : android
    • Published: Feb. 16, 2024
    • Modified: Mar. 19, 2025

  • 5.5

    MEDIUM
    CVE-2022-20527

    In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed fo... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-37347

    Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This... Read more

    Affected Products : security windows
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 5.5

    MEDIUM
    CVE-2022-37373

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... Read more

    • Published: Mar. 29, 2023
    • Modified: Nov. 27, 2024

  • 5.5

    MEDIUM
    CVE-2024-39322

    aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in th... Read more

    Affected Products : ai-controller-frontend
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-20802

    Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.... Read more

    Affected Products : android dex
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-20808

    Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.... Read more

    Affected Products : nearby_device_scanning
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-20898

    Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.... Read more

    Affected Products : android android dex
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-33918

    Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information.... Read more

    Affected Products : geodrive
    • Published: Oct. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2023-21327

    In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed.... Read more

    Affected Products : android
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-21765

    Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.... Read more

    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2024-22337

    IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Feb. 17, 2024
    • Modified: Dec. 03, 2024

  • 5.5

    MEDIUM
    CVE-2024-20462

    A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability i... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 31, 2024

  • 5.5

    MEDIUM
    CVE-2024-26333

    swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c.... Read more

    Affected Products : swftools
    • Published: Mar. 05, 2024
    • Modified: Apr. 01, 2025

  • 5.5

    MEDIUM
    CVE-2023-27754

    vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow caused by incorrect use of memcpy() funciton. The flow allows an attacker to cause a denial of service (abort) via a crafted file.... Read more

    Affected Products : vox2mesh
    • Published: Mar. 22, 2023
    • Modified: Feb. 26, 2025

  • 5.5

    MEDIUM
    CVE-2020-3491

    A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on a... Read more

    Affected Products : vision_dynamic_signage_director
    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-23441

    Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver.... Read more

    Affected Products : windows vba32
    • Published: Jan. 29, 2024
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-26361

    A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.... Read more

    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-25453

    Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function.... Read more

    Affected Products : bento4
    • Published: Feb. 09, 2024
    • Modified: Jun. 16, 2025

  • 5.5

    MEDIUM
    CVE-2022-33685

    Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293946 Results