Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2025-43265

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal s... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2025-53172

    Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-42971

    A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read ... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-43206

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal

  • 4.0

    MEDIUM
    CVE-2025-43226

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6. Processing a maliciously crafted image may ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2022-27832

    Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.... Read more

    Affected Products : android dex
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2010-0682

    WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.... Read more

    Affected Products : wordpress
    • Published: Feb. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2022-42436

    IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.... Read more

    • Published: Feb. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-3241

    export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.... Read more

    Affected Products : phpmyadmin
    • Published: Apr. 26, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2022-38383

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2019-4174

    IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.... Read more

    Affected Products : cognos_controller
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2020-4248

    IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more

    • Published: May. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2023-43081

    PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files. ... Read more

    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2021-25504

    Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information.... Read more

    Affected Products : group_sharing
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-22269

    Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.... Read more

    Affected Products : android dex
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-6437

    The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers... Read more

    Affected Products : nova
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2022-39895

    Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.... Read more

    Affected Products : android dex
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2022-39903

    Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number.... Read more

    Affected Products : android dex
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2018-20405

    BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system ... Read more

    Affected Products : bigtree_cms bigtree
    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2008-3502

    Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.... Read more

    Affected Products : rt request_tracker
    • Published: Aug. 06, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294799 Results