Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.9

    LOW
    CVE-2025-49597

    handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulner... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 3.9

    LOW
    CVE-2025-6139

    A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can on... Read more

    Affected Products : t10_firmware t10
    • Published: Jun. 16, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 3.9

    LOW
    CVE-2020-1738

    A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All... Read more

    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2017-17149

    Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID v... Read more

    Affected Products : hiwallet
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2024-32667

    Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 3.9

    LOW
    CVE-2023-6690

    A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Serv... Read more

    Affected Products : enterprise_server
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2022-20226

    In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Produ... Read more

    Affected Products : android
    • Published: Jul. 13, 2022
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2024-6294

    udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by ... Read more

    Affected Products :
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2025-44964

    A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.... Read more

    Affected Products : bluestacks
    • Published: Aug. 05, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cryptography

  • 3.9

    LOW
    CVE-2022-24000

    PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.... Read more

    Affected Products : android dex
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2021-22747

    Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in th... Read more

    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2021-25350

    Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.... Read more

    Affected Products : android account
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2021-22743

    Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the pr... Read more

    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2017-9635

    Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schne... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2019-5296

    Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. An attacker with a high permission runs some specific commands on the smartphone. Due to insufficient input verification, successful exploit may caus... Read more

    Affected Products : mate20_firmware mate20
    • Published: Jun. 04, 2019
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-0654

    Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick ... Read more

    Affected Products : warp
    • Published: Aug. 29, 2023
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-45143

    Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, ... Read more

    Affected Products : fedora undici
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2020-13361

    In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.... Read more

    Affected Products : ubuntu_linux debian_linux leap qemu
    • Published: May. 28, 2020
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2025-0575

    A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack need... Read more

    Affected Products :
    • Published: Jan. 19, 2025
    • Modified: Jan. 19, 2025
    • Vuln Type: Misconfiguration

  • 3.9

    LOW
    CVE-2023-47282

    Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293360 Results