Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2021-38514

    Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.... Read more

    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4805

    IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.... Read more

    Affected Products : edge_application_manager
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-0234

    IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.... Read more

    Affected Products : openpages_grc_platform
    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25523

    Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.... Read more

    Affected Products : dialer
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25939

    In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-priv... Read more

    Affected Products : arangodb
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-6097

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.... Read more

    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2024-34633

    Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.... Read more

    Affected Products : notes
    • Published: Aug. 07, 2024
    • Modified: Aug. 09, 2024

  • 4.0

    MEDIUM
    CVE-2022-22348

    IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another ... Read more

    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2025-32996

    In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.... Read more

    Affected Products : http-proxy-middleware
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025

  • 4.0

    MEDIUM
    CVE-2025-20980

    Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-20991

    Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable.... Read more

    Affected Products :
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2006-2945

    Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors.... Read more

    Affected Products : dokuwiki
    • Published: Jun. 12, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2022-39889

    Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.... Read more

    Affected Products : galaxywatch4plugin
    • Published: Nov. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-21463

    Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application... Read more

    Affected Products : android myfiles
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2025-53839

    DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutraliz... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2023-30719

    Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.... Read more

    Affected Products : android android dex
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2004-2621

    Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perfor... Read more

    Affected Products : contivity
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2022-21247

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with net... Read more

    Affected Products : database_server
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-21494

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris execu... Read more

    Affected Products : solaris solaris
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-20396

    IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.... Read more

    Affected Products : security_qradar_analyst_workflow
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293584 Results