Latest CVE Feed
-
5.5 MEDIUM
CVE-2023-21104
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-12L An...
- Affected Products: android
- Published: May. 15, 2023
- Modified: Jan. 24, 2025
-
5.5 MEDIUM
CVE-2023-21016
In AccountTypePreference of AccountTypePreference.java, there is a possible way to mislead the user about accounts installed on the device due to improper input validation. This could lead to local denial of service with no additional execution privileges...
- Affected Products: android
- Published: Mar. 24, 2023
- Modified: Mar. 17, 2025
-
5.5 MEDIUM
CVE-2024-54683
In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: | =============...
- Affected Products: linux_kernel
- Published: Jan. 11, 2025
- Modified: Jan. 16, 2025
- Vuln Type: Race Condition
-
5.5 MEDIUM
CVE-2023-20859
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token....
- Published: Mar. 23, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-20914
In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution pr...
- Affected Products: android
- Published: May. 15, 2023
- Modified: Jan. 24, 2025
-
5.5 MEDIUM
CVE-2023-20826
In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; I...
- Published: Sep. 04, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-20556
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. ...
- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-20241
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an o...
- Published: Nov. 22, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-20824
In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951...
- Published: Sep. 04, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-20265
A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vuln...
- Published: Nov. 21, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-20561
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. ...
- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-20240
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-...
- Published: Nov. 22, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-20040
A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the...
- Affected Products: network_services_orchestrator
- Published: Jan. 20, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-1906
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an applicat...
- Published: Apr. 12, 2023
- Modified: Feb. 10, 2025
-
5.5 MEDIUM
CVE-2016-4771
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname....
- Published: Sep. 25, 2016
- Modified: Apr. 12, 2025
-
5.5 MEDIUM
CVE-2023-1570
A vulnerability, which was classified as problematic, has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader.h. The manipulation leads to heap-based buffer overflow. Local access is require...
- Affected Products: tinydng
- Published: Mar. 22, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-1637
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw...
- Affected Products: linux_kernel
- Published: Mar. 27, 2023
- Modified: Feb. 19, 2025
-
5.5 MEDIUM
CVE-2023-1642
A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to...
- Affected Products: malware_fighter
- Published: Mar. 26, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-1445
A vulnerability classified as problematic has been found in Filseclab Twister Antivirus 8. Affected is the function 0x80112053 in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs ...
- Affected Products: twister_antivirus
- Published: Mar. 17, 2023
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2023-1786
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege....
- Published: Apr. 26, 2023
- Modified: Nov. 21, 2024