Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.9

    LOW
    CVE-2021-35549

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris execute... Read more

    Affected Products : solaris solaris
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2020-1987

    An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alt... Read more

    Affected Products : globalprotect
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2020-2731

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the i... Read more

    Affected Products : database database_server
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2022-1697

    Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.... Read more

    Affected Products : active_directory_agent
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2018-20896

    cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-37540

    Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data. ... Read more

    Affected Products :
    • Published: Feb. 23, 2024
    • Modified: Nov. 29, 2024

  • 3.9

    LOW
    CVE-2022-23999

    PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.... Read more

    Affected Products : android dex
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2025-1693

    The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to ... Read more

    Affected Products : mongosh
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Injection

  • 3.9

    LOW
    CVE-2017-17149

    Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID v... Read more

    Affected Products : hiwallet
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2021-22743

    Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the pr... Read more

    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2020-29443

    ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.... Read more

    Affected Products : debian_linux qemu
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2020-11736

    fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.... Read more

    Affected Products : ubuntu_linux debian_linux file-roller
    • Published: Apr. 13, 2020
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2025-32004

    Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 3.9

    LOW
    CVE-2021-25266

    An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.349... Read more

    Affected Products : intercept_x authenticator
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-40732

    A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.... Read more

    Affected Products : qms_automotive
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-48184

    QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.... Read more

    Affected Products :
    • Published: Apr. 23, 2024
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2025-6139

    A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can on... Read more

    Affected Products : t10_firmware t10
    • Published: Jun. 16, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 3.9

    LOW
    CVE-2024-31636

    An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.... Read more

    Affected Products : lief
    • Published: May. 03, 2024
    • Modified: Aug. 21, 2025

  • 3.9

    LOW
    CVE-2019-2954

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedur... Read more

    Affected Products : database database_server
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2019-2955

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logo... Read more

    Affected Products : database database_server
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292882 Results