Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.9

    LOW
    CVE-2021-25266

    An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.349... Read more

    Affected Products : intercept_x authenticator
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2025-1693

    The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to ... Read more

    Affected Products : mongosh
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Injection

  • 3.9

    LOW
    CVE-2024-41511

    A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter.... Read more

    Affected Products : cadclick
    • Published: Oct. 04, 2024
    • Modified: Jun. 02, 2025

  • 3.9

    LOW
    CVE-2022-20226

    In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Produ... Read more

    Affected Products : android
    • Published: Jul. 13, 2022
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2021-22744

    Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in th... Read more

    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2021-22745

    Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in th... Read more

    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2022-1230

    This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit... Read more

    Affected Products : galaxy_s21_firmware galaxy_s21
    • Published: Mar. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2024-6294

    udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by ... Read more

    Affected Products :
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2025-27525

    Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through ... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 3.9

    LOW
    CVE-2017-17149

    Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID v... Read more

    Affected Products : hiwallet
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2021-22747

    Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in th... Read more

    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2020-6653

    Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the informa... Read more

    Affected Products : secureconnect
    • Published: Aug. 12, 2020
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-40732

    A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.... Read more

    Affected Products : qms_automotive
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2024-6295

    udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and ... Read more

    Affected Products :
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2024-32667

    Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 3.9

    LOW
    CVE-2022-23999

    PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.... Read more

    Affected Products : android dex
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2019-2807

    Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure wher... Read more

    Affected Products : solaris solaris
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-22656

    Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2025-49597

    handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulner... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 3.9

    LOW
    CVE-2025-6139

    A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can on... Read more

    Affected Products : t10_firmware t10
    • Published: Jun. 16, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication
Showing 20 of 293608 Results