Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.4

    LOW
    CVE-2022-41595

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41603

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2025-0167

    When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Information Disclosure

  • 3.4

    LOW
    CVE-2015-20112

    RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network.... Read more

    Affected Products :
    • Published: Jun. 29, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cryptography

  • 3.4

    LOW
    CVE-2016-3484

    Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : database database_server
    • EPSS Score: %0.12
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.4

    LOW
    CVE-2025-46814

    FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-... Read more

    Affected Products : fastapi
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Misconfiguration

  • 3.4

    LOW
    CVE-2022-41601

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2024-3568

    The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by ... Read more

    Affected Products : transformers
    • Published: Apr. 10, 2024
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2024-51993

    Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable ... Read more

    Affected Products : itop
    • Published: Nov. 07, 2024
    • Modified: Apr. 04, 2025

  • 3.4

    LOW
    CVE-2023-37900

    Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crosspl... Read more

    Affected Products : crossplane crossplane
    • EPSS Score: %0.06
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2022-41602

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2025-7339

    on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade t... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Misconfiguration

  • 3.4

    LOW
    CVE-2020-14548

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unau... Read more

    Affected Products : business_intelligence
    • EPSS Score: %0.58
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2022-41597

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2023-38301

    An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto ... Read more

    Affected Products :
    • Published: Apr. 22, 2024
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2025-25983

    An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component.... Read more

    Affected Products : v380_pro
    • Published: Apr. 18, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 3.4

    LOW
    CVE-2025-52889

    Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services (DHCP, DNS...) that partially bypass security options `security.mac_filte... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Misconfiguration

  • 3.4

    LOW
    CVE-2022-41600

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2024-20038

    In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALP... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +21 more products
    • Published: Mar. 04, 2024
    • Modified: Apr. 22, 2025

  • 3.4

    LOW
    CVE-2007-1716

    pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.07
    • Published: Mar. 27, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291564 Results